1. Manuals
  2. Brands
  3. GE Manuals
  4. Control Unit
  5. VersaSafe VersaPoint IC220SDL840
  6. User manual

GE VersaSafe VersaPoint IC220SDL840 User Manual

Module with safe digital relay outputs
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
GE
Intelligent Platforms
Programmable
VersaSafe
VersaPoint* Module: IC220SDL840
SAFE OUTPUT, RELAY, 4 PT
User's Manual, GFK-2734
May 2018
Control Products

Advertisement

Table of Contents
loading

Related Manuals for GE VersaSafe VersaPoint IC220SDL840

Summary of Contents for GE VersaSafe VersaPoint IC220SDL840

  • Page 1 Intelligent Platforms Programmable Control Products VersaSafe VersaPoint* Module: IC220SDL840 SAFE OUTPUT, RELAY, 4 PT User‘s Manual, GFK-2734 May 2018...
  • Page 3 User‘s Manual VersaPoint module with safe digital relay outputs 2018-05-15 Catalog No.: GFK-2734 Revision: This user manual is valid for: Catalog No. Revision IC220SDL840 HW/FW/FW: 00/200/100 HW/FW/FW: 00/201/100 HW/FW/FW: BA (01/201/100)
  • Page 4 GE Intelligent Platforms accepts no liability for erroneous handling or damage to products from GE Intelligent Platforms or third-party products resulting from disregard of information contained in this manual.
  • Page 5 Features may be de- scribed herein which are not present in all hardware and software systems. GE Intelligent Platforms assumes no obligation of notice to holders of this document with respect to changes subsequently made.
  • Page 6 User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 7: Table Of Contents

    Table of contents For your safety.......................... General safety notes ..................1-1 Electrical safety ....................1-2 Safety of the machine or system ................ 1-4 Directives and standards..................1-4 Correct usage..................... 1-5 Documentation ....................1-5 Abbreviations used ..................1-6 Product description........................Brief description of the safety module ..............2-1 Structure of the safety module ................
  • Page 8 Assembly, removal, and electrical installation ................Assembly and removal ..................4-1 4.1.1 Unpacking the module ................ 4-1 4.1.2 General ....................4-1 4.1.3 Setting the DIP switches ..............4-2 4.1.4 Assembly and removal of the safety module ........4-3 Electrical installation................... 4-5 4.2.1 Electrical installation of the VersaPoint station ........
  • Page 9 Startup and validation....................... Initial startup ....................... 8-1 Restart after replacing a safety module ............. 8-2 8.2.1 Replacing a safety module ..............8-2 8.2.2 Restart ....................8-2 Validation ......................8-3 Errors: Messages and removal....................Safe digital relay output errors ................9-3 General errors ....................
  • Page 10 Appendix: F-Parameters and iParameters ................F-Parameters ....................B-1 iParameters ...................... B-2 Diagnostic messages for parameter errors ............B-3 B 3.1 Diagnostic messages for F-Parameters and iParameters for PROFIsafe ..................B-3 B 3.2 Diagnostic messages for parameter errors for VersaSafe ....B-4 Appendix: Checklists .......................

  • Page 11: For Your Safety

    For your safety Purpose of this manual The information in this document is designed to familiarize you with how the IC220SDL840 safety module works, its operating and connection elements, and its parameter settings. This information will enable you to use the module within a VersaSafe or PROFIsafe system according to your requirements.

  • Page 12: Electrical Safety

    Repair work may not be carried out on the safety module. repairs In the event that an error cannot be removed, please contact GE Intelligent Platforms immediately, engage a service engineer or send the faulty module directly to GE Intelligent Platforms.
  • Page 13 Direct/indirect contact Protection against direct and indirect contact according to VDE 0100 Part 410 must be ensured for all components connected to the system. In the event of an error, parasitic voltages must not occur (single-fault tolerance). This can be achieved by: –...

  • Page 14: Safety Of The Machine Or System

    For the standards observed by the module, please refer to the certificate issued by the approval body and the EC declaration of conformity. These documents are available on the Internet at http://support.ge-ip.com. User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 15: Correct Usage

    Documentation Latest documentation Make sure you always use the latest documentation. Changes or additions to this document can be found on the Internet at support.ge-ip.com. VersaSafe When working on the VersaSafe system and its components, you must always keep this user manual and other items of product documentation to hand and observe the information therein.

  • Page 16: Abbreviations Used

    PROFIsafe When working on the PROFIsafe system and its components, you must always keep this user manual and other items of product documentation to hand and observe the information therein. User manuals: – For the safe controller used – For PROFIsafe I/O modules –...

  • Page 17: Product Description

    Product description Brief description of the safety module The IC220SDL840 module is an output module, which is designed for use within a VersaPoint station. The IC220SDL840 safety module can be used as part of a VersaPoint station at any point within a VersaSafe or PROFIsafe system.

  • Page 18: Structure Of The Safety Module

    Structure of the safety module IN 2 IN 1 77221007 Figure 2-1 Structure of the safety module Data jumpers (local bus) Electronics base with labeling including hardware/firmware/firmware version designation (not shown) Switch for setting the transmission speed and mode Switch for setting the protocol and address For more detailed information about setting the switches, please refer to "Setting the DIP switches"...

  • Page 19: Housing Dimensions

    Housing dimensions 73,2 71,5 77222001 Figure 2-2 Housing dimensions (in mm) GFK-2734 Chapter 2 Product description...

  • Page 20: Safe Digital Relay Outputs (Floating Contacts)

    Safe digital relay outputs (floating contacts) The safety module has four safety relays each with two floating relay contacts (relay outputs), which can be used as follows: For two-channel assignment: – Two two-channel relay outputs For single-channel assignment: – Four single-channel relay outputs Basic structure Signal OUT0_Ch1...
  • Page 21 Parameterization The individual safe digital relay outputs of a safety module can be parameterized differently. This means that the relay outputs can be adapted to various operating conditions and different safety integrity levels can be implemented (SIL, SIL CL, Cat., PL) (see "Connection examples for the safe relay outputs and the safety-related segment circuit"...

  • Page 22: Safety-Related Segment Circuit

    (see Section "Ordering data: Documentation" on page 11-9). The application note includes lists of approved terminals, requirements for wiring, and safety notes. The document is available on the Internet at http://support.ge-ip.com. User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 23: Clock Outputs Ut1 And Ut2

    Clock outputs UT1 and UT2 The module has two clock outputs, UT1 and UT2, which only operate together with the assigned alarm inputs, IN1 and IN2. The clock outputs provide the input voltage for the alarm inputs. Each of these clock outputs provides a pulse pattern for monitoring the external wiring and the connected loads.

  • Page 24: Alarm Inputs In1 And In2

    Alarm inputs IN1 and IN2 The module has two alarm inputs, IN1 and IN2, which only operate together with the assigned clock outputs, UT1 and UT2. They are used for contact monitoring for externally connected switching elements. This function can be used to monitor the contacts of externally connected switching elements.

  • Page 25: Connection Options For Actuators Depending On The Parameterization

    Connection options for actuators depending on the parameterization Actuators that meet various safety requirements depending on the parameterization can be connected to the relay outputs and the output modules in the safety-related segment circuit. For connection examples, please refer to Section 6, "Connection examples for the safe relay outputs and the safety-related segment circuit".

  • Page 26: Local Diagnostic And Status Indicators

    Local diagnostic and status indicators I N 2 IN 1 77221002 Figure 2-4 Local diagnostic and status indicators on the IC220SDL840 module Function identification: Dark red Table 2-1 Local diagnostic and status indicators Green LED Diagnostics OFF: Communications power not present Flashing at 0.5 Hz: Communications power present, local bus not active Flashing at 4 Hz:...
  • Page 27 Table 2-1 Local diagnostic and status indicators [...] Green/red LED Status of each relay output (see "Terminal point assignment" on page 3-4) 0.1, 0.2 0.1 Relay output 0, channel 1; 0.2 Relay output 0, channel 2 1.1, 1.2 1.1 Relay output 1, channel 1; 1.2 Relay output 1, channel 2 Green: Relay output at logic 1 OFF:...

  • Page 28: Safe State

    2.10 Safe state The safe state for the module is the zero current state at the output terminals, i.e., the relay contacts are open (see Section "Safe digital relay outputs (floating contacts)" on page 2-4). PROFIsafe: The safe state for the F-Output data is "0". The safe state is entered by means of passivation (see "Passivation"...

  • Page 29: Device Errors

    2.10.3 Device errors Relay outputs If a hardware fault in the internal circuit is detected at a relay output, all module relay outputs are disabled ("0" = OFF = safe state). The relevant diagnostic message is transmitted to the safe controller (see Section "Safe digital relay output errors"...

  • Page 30: Parameterization Errors

    2.10.4 Parameterization errors Parameterization errors are indicated: – As long as the module is not parameterized – In the event of faulty parameterization Parameterization errors cause the entire module to enter the safe state. The FS LED on the safety module flashes. In the event of faulty parameterization, the relevant diagnostic message is transmitted to the safe controller (see Section "Parameterization errors"...

  • Page 31: Process Data Words

    2.12 Process data words VersaSafe For the assignment of the illustrated (byte.bit) view to your control or computer system, please refer to the DB GB IBS SYS ADDRESS data sheet. The module occupies four words in the VersaPoint system. For information about how these words are mapped, please refer to the documentation for the configurable logic module used.
  • Page 32 The enable function is not graphically represented in VersaConf Safety in the safety logic editor. Parameterize the enable function when parameterizing the channels. The following figure illustrates the enable principle. IC220DSL840 PSDO_OUT_Data Diag S_Data Diag S_Data & OUT0_Ch1 PSDO Data_PSDO.0 OUT0_Ch2 &...

  • Page 33: Profisafe (Profibus, Profinet)

    2.12.1 PROFIsafe (PROFIBUS, PROFINET) The module occupies four words in the VersaPoint system. The way in which these words are mapped in the higher-level control system is specific to the controller used and is described in the quick start guide for the controller. The switch position for selecting the data width has no function in PROFIsafe operation.
  • Page 34 User manual IC220SDL840 - May 2018 2-18 GFK-2734...

  • Page 35: Versapoint Potential And Data Routing, And Versapoint Connectors

    VersaPoint potential and data routing, and VersaPoint connectors VersaPoint potential and data routing In order to operate the safety module it must be integrated in a VersaPoint station within the VersaSafe or PROFIsafe system. The bus signals are transmitted via the VersaPoint data jumpers. The required supply voltages are transmitted via the VersaPoint potential jumpers.

  • Page 36: Supply Voltage U M

    Supply voltage U Supply the supply voltage at a bus coupler or a power terminal. It is supplied to the safety module via the VersaPoint potential jumper U WARNING: Loss of the safety function when using unsuitable power supplies Please observe the points in Section "Electrical safety" on page 1-2. The supply voltage U is used to supply the clock outputs.

  • Page 37: Supply Voltage U S

    NOTE: Damage to module electronics in the event of surge voltage Do not use a DC distribution network. DC distribution network according to IEC 61326-3-1: A DC distribution network is a DC power supply network, which supplies a complete industrial hall with DC voltage and to which any device can be connected. A typical system or machine distribution is not a DC distribution network.

  • Page 38: Terminal Point Assignment

    Terminal point assignment 5.1 5.2 5.3 5.4 6.1 6.2 6.3 6.4 75561004 Figure 3-2 Assignment of plug-in connectors on the module For the IB IL 24 SDOR 4-PAC, the VersaPoint and COMBICON connectors are supplied with the module. They are keyed and labeled accordingly for connection to prevent polarity reversal.
  • Page 39 Table 3-1 Terminal point assignment for VersaPoint connector X1 Terminal point Signal Channel assignment Remark None None OUT0_Ch1_13 Relay output 0, channel 1, contact 13 24 V OUT0_Ch2_13 Relay output 0, channel 2, contact 13 24 V OUT0_Ch1_14 Relay output 0, channel 1, contact 14 24 V OUT0_Ch2_14 Relay output 0, channel 2, contact 14...

  • Page 40: Internal Basic Circuit Diagram

    Internal basic circuit diagram Local bus Logic +24 V (U ) +24 V (U ) +24 V (U ) +24 V (U ) 75560021 Figure 3-3 Internal basic circuit diagram Key: Protocol chip Terminal point O P C (bus logic including voltage conditioning) Potential or data jumpers with jumper contacts L o g i c Logic circuit...

  • Page 41: Assembly, Removal, And Electrical Installation

    Assembly, removal, and electrical installation Assembly and removal 4.1.1 Unpacking the module The module is supplied in an ESD box together with a package slip with installation instructions. Please read the complete package slip carefully. The module may only be installed and removed by qualified personnel. NOTE: Electrostatic discharge The safety module contains components that can be damaged or destroyed by electrostatic discharge.

  • Page 42: Setting The Dip Switches

    4.1.3 Setting the DIP switches The module has a 2-pos. and a 10-pos. DIP switch. The DIP switches are located on the left-hand side of the safety module. 500KBD Mode2 2MBD Mode1 500KBD Mode2 2MBD Mode1 F-Address F-Address 77221009 Figure 4-1 DIP switches Switch for setting the transmission speed and the mode Switch for setting the protocol or the address (for PROFIsafe, VersaSafe)

  • Page 43: Assembly And Removal Of The Safety Module

    Overview of the switch positions Table 4-1 Switch position for VersaSafe VersaSafe Mode switch Address switch Island number Satellite number Mode 2 to 31 to 5 Table 4-2 Switch position for PROFIsafe PROFIsafe Mode switch Address switch Mode 1 to 3FE Procedure If the DIP switch settings have to be modified, proceed as follows: •...
  • Page 44 Figure 4-2 Snapping on the safety module base • Check that all the snap-on mechanisms are securely snapped into place. – Insert connectors Only use the connectors supplied with the module or connectors that are approved as replacement items (see "Ordering data: Accessories" on page 11-9). –...

  • Page 45: Electrical Installation

    – Removing the COMBICON The module can be removed without removing the COMBICON connectors. connectors • Pull the COMBICON connectors from the module. Hold onto the COMBICON connector housing when removing it. Do not pull on the cables to remove the COMBICON connector.

  • Page 46: Electrical Installation Of The Safety Module

    Push a screwdriver into the slot of the appropriate terminal point (Figure 4-6, detail 1), so that you can insert the wire into the spring opening. GE Intelligent Platforms recommends using a SZF 1 - 0.6X3.5 screwdriver. • Insert the cable in the corresponding terminal point of the connector (Figure 4-6, detail 2).
  • Page 47 • Insert the assembled connectors in the corresponding module slot (see Section "Terminal point assignment" on page 3-4). WARNING: A short circuit between adjacent terminal points can lead to the loss of the safety function Ensure that the wires are connected properly. This is essential to prevent the error "short circuit between adjacent terminal points/cables".
  • Page 48 User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 49: Parameterization Of The Safety Module

    Parameterization of the safety module Parameterization in a VersaSafe system Parameterization includes the following: – Specifying the VersaSafe address for the corresponding configurable logic module – Parameterization of outputs VersaSafe address The VersaSafe address is a unique ID for the safety module in the VersaSafe structure. It is assigned in the configuration software for the assigned configurable logic module.

  • Page 50: Parameterization Of The Safe Relay Outputs

    Parameterization of The parameterization of the safe outputs determines the behavior of the module and thus outputs has a considerable effect on the safety integrity level that can be achieved. To parameterize the module, the parameterization of the safe controller created in the parameterization tool is automatically written to the module on every power up or reset.
  • Page 51 Table 5-1 Parameterization of relay outputs [...] Parameterization Value range Remark OUT0 - OUT1 Do not evaluate Assignment to alarm input IN1 for monitoring the external wiring Evaluate and external power gain (e.g., contactors). If IN1 is activated, both the internal alarm contacts of the safety relay and the status of input IN1 are detected.
  • Page 52 Table 5-1 Parameterization of relay outputs [...] Parameterization Value range Remark OUT0 - OUT1 Value range of switch-off Value x 10 in ms Value range/unit for the parameterization of the "Switch-off delay delay for stop category 1 Value x 100 in ms for stop category 1"...

  • Page 53: Parameterization Of Clock Outputs And Alarm Inputs

    WARNING: Delayed shutdown when using stop category 1 For stop category 1 please take into consideration the following: – In the event of an error (excluding bus errors) the affected outputs (safety relay) are switched off immediately (without delay). In this case, only stop category 0 is supported.
  • Page 54 User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 55: Connection Examples For The Safe Relay Outputs And The Safety-Related Segment Circuit

    The following examples only describe the options for the electrical connection of controlled devices/actuators to the safe relay outputs. Should you have any questions regarding applications to be implemented, please contact GE Intelligent Platforms. The following are specified for each example: –...

  • Page 56: Notes On The Protective Circuit For External Relays/Contactors (Free Running Circuit)

    Errors (cross circuits, short circuits), which can be prevented by correct installation (e.g., protected cable installation, isolated cable installation, double insulation, use of ferrules) are not described in the following tables. Therefore, for example, only errors between relay outputs, which are on the same connector, are described.

  • Page 57: Measures Required To Achieve A Specific Safety Integrity Level

    Measures required to achieve a specific safety integrity level The safety integrity level (SIL, SIL CL, performance level, and category) that can be achieved is specified for each connection example. SIL, SIL CL In order to determine the probability of failure according to EN 62061 (SIL CL), use this standard.
  • Page 58 Cat. 3 – Use proven safety principles. – Use appropriately qualified actuators (see Section "Requirements for controlled devices/actuators" on page 2-5). – Please note that mechanical failure of the switching device can result in the loss of the safety function. –...

  • Page 59: Single-Channel Assignment Of Safe Relay Outputs

    Single-channel assignment of safe relay outputs For single-channel assignment, the safety relays operate independently of one another. This means that they are controlled individually by the safe controller. It is possible to monitor external loads and the wiring for errors. In this case, use a clock output (UT1 or UT2) with the associated alarm input.
  • Page 60 Basic specifications Actuator Single-channel Achievable SIL 2/SIL CL 2/Cat. 2/PL c SIL/SIL CL/Cat./PL External errors that can be If alarm inputs IN1 or IN2 are used: detected An external load does not pick up An external load does not drop out Errors that cannot be If no alarm inputs are used, no errors can be detected in the external load or in the wiring.
  • Page 61 Table 6-3 Single-channel: Alarm input assigned Error type Detection Diagnostics Loss of Remark Short circuit Output to 24 V The error is detected in the OFF state of the output. Prevent this error. Output to ground The error is detected in the ON state of the output. Protect the output against damage using a preconnected fuse.
  • Page 62 Device diagnostics and behavior of the module in the event of an error Table 6-5 Single-channel: No alarm input assigned Error type Detection Diagnostics Loss of Remark Error in the actuator Despite being disabled, the None Detect errors using external monitoring. Please take into actuator does not switch to the safe consideration all the possible errors for the actuator used.

  • Page 63: Two-Channel Assignment Of Floating Contacts

    Two-channel assignment of floating contacts For two-channel assignment, the safety relays for both channels operate together. This assignment is fixed and cannot be parameterized (see Section "Two-channel" on page 5-2). It is possible to monitor external loads and the wiring for errors. In this case, a clock output (UT1 or UT2) with the associated alarm input must be used.
  • Page 64 WARNING: Failure of the safety relay contacts due to overload Protect all safety relay contacts against overload with suitable fuses (see "Safe digital relay outputs" on page 11-4). The illustrated 24 V voltage is not provided by the VersaPoint station. Key: Alternative A Alternative B...
  • Page 65 WARNING: Loss of electrical and functional safety – To achieve the specified safety integrity level, please refer to Section "Measures required to achieve a specific safety integrity level" on page 6-3. – Please note that in order to achieve the specified PL, the actuator must have a medium level of diagnostic coverage (90% to 99%) and medium MTTF .
  • Page 66 Table 6-7 Two-channel with monitoring by the alarm input [...] Error type Detection Diagnostics Loss of Remark Short circuit Output to 24 V (for version A in Prevent this error, e.g., through protected cable installation. Figure 6-3 on page 6-9) Output to 24 V (for version B in Prevent this error, e.g., through protected cable installation.

  • Page 67: Monitoring Via Separate Readback

    6.5.2 Monitoring via separate readback Monitoring is separate for each channel of an output, using one alarm input for each. In this case, both alarm inputs are assigned and are not available for the other output. The advantage of this wiring is that, in the event of an error, diagnostics are more accurate than for common readback.
  • Page 68 OUT0_Ch2_13 Output 0, channel 2, contact 13 OUT0_Ch2_14 Output 0, channel 2, contact 14 UT1 (UT2) Clock output UT1 or UT2 IN1 (IN2) Alarm input IN1 or IN2 UT2 (UT) Clock output UT2 or UT1 IN2 (IN1) Alarm input IN2 or IN1 K1 (R) and K2 (R) represent the forcibly guided N/C contacts for monitoring the state of the relay (readback contacts).
  • Page 69 WARNING: Loss of electrical and functional safety – To achieve the specified safety integrity level, please refer to Section "Measures required to achieve a specific safety integrity level" on page 6-3. – Please note that in order to achieve the specified PL, the actuator must have a medium level of diagnostic coverage (90% to 99%) and medium MTTF .

  • Page 70: External Monitoring

    Table 6-9 Two-channel with monitoring by two alarm inputs [...] Error type Detection Diagnostics Loss of Remark Short circuit Output to 24 V (for version A in Prevent this error, e.g., through protected cable installation. Figure 6-3 on page 6-9) Output to 24 V (for version B in Prevent this error, e.g., through protected cable installation.
  • Page 71 Safety-related segment circuit When implementing the safety-related segment circuit, two-channel parameterization of the output is required. This means setting the following parameters for channel 1 and channel 2: "Assignment: used" and "Output: two-channel". Observe the notes in the document for the safety-related segment circuit in the VersaPoint system (see Section "Ordering data: Documentation"...
  • Page 72 Key: Standard VersaPoint IL SAFE Safety-related segment circuit Power terminal with fuse or power terminal with fuse and diagnostics (see "Ordering data: Documentation" on page 11-9) Red (bold) External wiring to the safety terminal (by the user) Separate cable  0.75 mm GND* to power supply unit GND Notes on wiring:...
  • Page 73 6.6.1 Assignment with single-channel actuators The segment circuit of the VersaPoint system is safely switched via the appropriate wiring with jumpers (see Figure 6-5 on page 6-17). In the event of a safety demand, the voltage to the safety-related segment circuit is disconnected by output OUT1. Therefore, the actuator supply for all DO terminals that are installed in the safety-related segment circuit is disconnected.

  • Page 74: Safety-Related Segment Circuit

    Basic specifications Actuator Single-channel Achievable SIL/Cat. SIL 2/Cat. 2/PL c To achieve the specified category, please refer to Section "Measures required to achieve a specific safety integrity level" on page 6-3. Device diagnostics and behavior of the module in the event of an error Table 6-11 Safety-related segment circuit: Assignment with single-channel actuators Error type...
  • Page 75 Typical parameterization Table 6-12 Safety-related segment circuit: Assignment with single-channel actuators; typical parameterization Parameterization Parameterized as Remark Channel 1 Channel 2 Assignment Used Used Output Two-channel Two-channel Alarm input IN1 Do not evaluate Do not evaluate Alarm input IN2 Do not evaluate Do not evaluate Switch-off delay for stop Enabled...

  • Page 76: Assignment With Two-Channel Actuators: Use Of Do Terminals

    6.6.2 Assignment with two-channel actuators: Use of DO terminals The segment circuit of the VersaPoint system is safely switched via the appropriate wiring with jumpers (see Figure 6-5 on page 6-17). In the event of a safety demand, the voltage to the safety-related segment circuit is disconnected by output OUT1.
  • Page 77 Basic specifications Actuator Two-channel Achievable SIL/Cat. SIL 3/Cat. 4/PL e – To achieve the specified category, please refer to Section "Measures required to achieve a specific safety integrity level" on page 6-3. – Evaluate the readback contacts to achieve Cat. 3 or Cat. 4. Device diagnostics and behavior of the module in the event of an error Table 6-13 Safety-related segment circuit: Assignment with two-channel actuators...
  • Page 78 Table 6-13 Safety-related segment circuit: Assignment with two-channel actuators Error type Detection Diagnostics Loss of Remark Short circuit Output to ground None The error is not detected. To protect the relay output against overload, observe the notes output to FE on protecting the relay outputs in Section "Fuse protection"...

  • Page 79: Determining Pfh, Pfd, And Mttf D

    Determining PFH, PFD, and MTTF Probability of Failure per Hour Probability of Failure on Demand MTTF Mean time to dangerous failure Single-channel operation 7.1.1 Determining PFD for single-channel operation The value always refers to one internal safety relay (see assignment of outputs to the safety relay in Section "Terminal point assignment"...
  • Page 80 If the calculated PFH value is < 1%, a value of 1% should be used. % SIL 2 DC 13; 5 A AC 15; 3 A c [1/h] 75561013 Figure 7-1 PFH values depending on switching frequency c 7.1.3 Determining MTTF for single-channel operation The value for MTTF depends on the load for the contacts and the switching frequency.

  • Page 81: Two-Channel Operation

    Two-channel operation 7.2.1 Determining PFD for two-channel operation The value always refers to two internal safety relays (two-channel assignment; see assignment of outputs to the safety relay in Section "Terminal point assignment" on page 3-4). This means that if several safety relays are used in a safety function, they should be considered with 1% each of SIL 3.
  • Page 82 If the calculated PFH value is < 1%, a value of 1% should be used. % SIL 3 250 µF; DC 4 A /zero current DC 13; 5 A / DC 13; 5 A AC 15;, 3 A / DC 13; 5 A DC 15;...

  • Page 83: Determining Mttf D For Two-Channel Operation

    7.2.3 Determining MTTF for two-channel operation The value for MTTF depends on the load for the contacts and the switching frequency. In this section, the values are given for two-channel assignment, and these values refer to two internal safety relays. If the contacts of a safety relay have different loads, use the least favorable load for the calculation (see assignment of outputs to the safety relay in Section "Terminal point assignment"...
  • Page 84 User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 85: Initial Startup

    Startup and validation Initial startup To start up, proceed as described in Table 8-1. Table 8-1 Steps for startup Step Relevant section and literature Set the transmission speed and the mode. Section "Setting the DIP switches" on page 4-2 Set the protocol/address. Section "Setting the DIP switches"...

  • Page 86: Restart After Replacing A Safety Module

    Table 8-1 Steps for startup [...] Step Relevant section and literature Program the safety function. User manuals for the function blocks used Documentation for the configurable logic module used (VersaSafe) Documentation for the controller used (PROFIsafe) For PROFIsafe: When verifying the safety function, check Checklist "Validation"...

  • Page 87: Validation

    Plug the VersaPoint and COMBICON connectors into the correct connections. Perform a function test after replacing the module. Validation Carry out a safety validation every time you make a safety-related modification to the VersaSafe or PROFIsafe system. When validating your individual EUC, check the assignment of the sensor and actuator connections.
  • Page 88 User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 89: Errors: Messages And Removal

    "Acknowledgment" column in the tables below. If error codes are indicated by the system, which do not appear in the tables below, please contact GE Intelligent Platforms. Error removal To remove the cause of an error, please proceed as described in the "Remedy" column in the tables below.
  • Page 90 Notes on the tables below Diagnostic code The diagnostic register of the module includes both the diagnostic selector and the diagnostic code. This diagnostic code, which is represented in bits 11 to 0 of the register, is specified in Table 9-3 and onwards. However, it is the code of the entire diagnostic register that is indicated.
  • Page 91 The "LED" column specifies which local diagnostic LEDs indicate the error. Acknowledgment Errors that must be acknowledged are indicated with "Yes" in the "Acknowledgment" column. Special conditions for re-enabling an output or the module are specified in brackets [e.g., Yes (1)] in the "Acknowledgment" column and explained below the relevant table.

  • Page 92: General Errors

    Example for disabling OUT0_Ch1 and OUT0_Ch2 are parameterized for two-channel operation, but only error-free outputs: OUT0_Ch1 is assigned to one of the two alarm inputs. In the event of an error at this alarm input, a diagnostic message is only generated for OUT0_Ch1, and OUT0_Ch2 is also disabled.

  • Page 93: Parameterization Errors

    Parameterization errors Table 9-5 Parameterization errors Error cause Error code Remark Effect Remedy Acknow- (hex) ledgment Incorrect FS LED Each output is Module is in the Check and correct – parameterization Table 9-6 (flashing) parameterized safe state parameterization. individually In order to determine what type of parameterization error has occurred, use the corresponding control software to access the safe controller online and read the error.

  • Page 94: Acknowledging An Error

    Acknowledging an error 9.5.1 Acknowledging an error for VersaSafe An IC220SDL840 error is acknowledged completely via the configurable logic module. For instructions on error acknowledgment, please refer to the documentation for the configurable logic module used. 9.5.2 Acknowledging an error for PROFIsafe After removing the cause of an error, the diagnostic message must be acknowledged.

  • Page 95: 10 Maintenance, Repair, Decommissioning, And Disposal

    Repair work may not be carried out on the safety module. In the event of an error, send the module to GE Intelligent Platforms. It is strictly prohibited to open the safety module. In order to prevent the manipulation of the module and to detect the unauthorized opening of the module, a security seal is applied to the module.
  • Page 96 User manual IC220SDL840 - May 2018 10-2 GFK-2734...

  • Page 97: 11 Technical Data And Ordering Data

    11 Technical data and ordering data 11.1 System data 11.1.1 VersaPoint For system data, please refer to the following user manuals: VersaPoint Automation terminals of the VersaPoint product range GFK-2736 11.1.2 VersaSafe VersaSafe Processing time of the module Single-channel 7 ms Two-channel 17 ms For the system data for your system, please refer to the corresponding documentation for...
  • Page 98 General data [...] Storage/transport -25°C to +70°C Humidity Operation 75% on average, 85% occasionally (no condensation) In the range from -25°C to +55°C appropriate measures against increased humidity must be taken. Storage/transport 75% (no condensation) For a short period, slight condensation may appear on the outside of the housing. Air pressure Operation 80 kPa to 108 kPa (up to 2000 m above sea level)
  • Page 99 Safety characteristic data according to IEC 61508/EN 61508 Achievable SIL SIL 2 (single-channel) SIL 3 (two-channel) Depends on the parameterization and wiring (see Section "Connection options for actuators depending on the parameterization" on page 2-9 and Section "Connection examples for the safe relay outputs and the safety- related segment circuit"...
  • Page 100 Supply voltage U (logic, relay) The safety terminal is supplied with communications power via the bus coupler or a designated power terminal in the station. Potential rout- ing is used for the communications power in the VersaPoint station. For the technical data, please refer to the data sheet for the bus coupler or power terminal used.
  • Page 101 Safe digital relay outputs [...] Permissible switching voltage range At VersaPoint connector 5 V AC/DC to 30 V AC/DC At COMBICON connector 5 V AC/DC to 250 V AC/DC Maximum output current per contact At VersaPoint connector 4 A (observe derating, see "Derating" on page 11-6) At COMBICON connector 6 A (observe derating, see "Derating"...
  • Page 102 Derating The three derating curves are valid at 100% simultaneity of the relay outputs. Derating 1 23/24 A distinction is made between contacts 13/14 and 23/24. Use only one diagram to determine the derating of the safety module. Example (derating 1): 13/14 If contacts 23/24 are loaded with 6 A at T = 50°C, then contacts 13/14 can...
  • Page 103 Contact data for the safety relay used [...] Switching power range (guide value) 60 mW to 1500 W (VA)  100 m (when new) Contact resistance Immunity to short-circuiting 1000 A SCPD (6 A gG backup fuse) Maximum switching capacity (DIN EN 60947-4-1, DIN EN 60947-5-1) AC 1 250 V/6 A AC 15...

  • Page 104: Conformance With Emc Directive

    (bus logic), 24 V supply U , 24 V supply U , GND, clock outputs, FE Approvals For the latest approvals, please visit http://support.ge-ip.com. 11.3 Conformance with EMC Directive Conformance with EMC Directive 2004/108/EC Noise immunity test according to DIN EN 61000-6-2...

  • Page 105: Ordering Data

    Technology on PROFIBUS DP and PROFI- NET IO, Version 2.4, February 2007 Make sure you always use the latest documentation. It can be downloaded at www.ge-ip-com. Documentation for PROFIsafe, PROFIBUS, and PROFINET is available on the Internet at www.profibus.com/pall/meta/downloads.
  • Page 106 User manual IC220SDL840 - May 2018 11-10 GFK-2734...
  • Page 107 A Appendix: PROFIsafe terms used in the manual Some of the terms that are used in connection with PROFIsafe in this manual are described below. A definition of PROFIsafe terms is also provided in the PROFIsafe profile. Consecutive number Consecutive number Method for ensuring that the safe data is transmitted completely and in the correct order.
  • Page 108 F-System Failsafe system A failsafe system is a system that remains in the safe state or immediately enters a safe state when specific failures occur. iParameter Individual safety parameter of a device Consecutive number See "Consecutive number" Passivation If the safety module (F-I/O device) detects an error, it switches the affected channel or all channels of the module to the safe state;...

  • Page 109: B Appendix: F-Parameters And Iparameters

    B Appendix: F-Parameters and iParameters F-Parameters The values indicated in italics in Table B-1 are preset by the system and cannot be modified manually. Table B-1 Overview of the F-Parameters for the module F-Parameter Default value Description F_Source_ Automatic The parameter uniquely identifies the PROFIsafe source address (controller Address address).

  • Page 110: Iparameters

    Table B-1 Overview of the F-Parameters for the module F-Parameter Default value Description F_Block_ID Parameter block type identification 1: The parameter block of the F-Parameters contains the F_iPar_CRC parameter. F_Par_Version Version number of the F-Parameter block. 1: Valid for V2 mode F_iPar_CRC CRC checksum via the iParameters The value must be greater than 0.

  • Page 111: Diagnostic Messages For F-Parameters And Iparameters For Profisafe

    Diagnostic messages for parameter errors B 3.1 Diagnostic messages for F-Parameters and iParameters for PROFIsafe Table B-2 F-Parameter parameter errors Error code Error cause Remedy The parameterized F_Destination_Address does not Make sure that the PROFIsafe address of the match the PROFIsafe address set on the safety module safety module and the value in (F-Module).

  • Page 112: Diagnostic Messages For Parameter Errors For Versasafe

    Remedy 1088 The parameterized VersaSafe address does not match Make sure that the addresses are the same. the address set on the safety module. 1089 Internal failure Please contact GE Intelligent Platforms. 1094 User manual IC220SDL840 - May 2018 GFK-2734...

  • Page 113: C Appendix: Checklists

    C Appendix: Checklists The checklists listed in this section provide support during the planning, assembly and electrical installation, startup, parameterization, and validation of the IC220SDL840 module. These checklists may be used as planning documentation and/or as verification to en- sure the steps in the specified phases are carried out carefully. Archive the completed checklists to use as reference for recurring tests.

  • Page 114: C 1 Planning

    Planning Checklist for planning the use of the Safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Has the current module user manual been used as the basis for Revision: planning? Are the actuators approved for connection to the module (according to the technical data and parameterization options)? Has the voltage supply been planned according to the specifications for the protective extra-low voltage in accordance with PELV?
  • Page 115 No. Requirement (optional) No Remark 18 Have specifications for assembly and electrical installation been de- fined (e.g., EPLAN) and communicated to the relevant personnel? 19 Have the separate voltage areas been taken into account? 20 Have specifications for the safety-related segment circuit been taken into account (jumpers, approved terminals, fuse protection)? 21 Have specifications for startup been defined and communicated to the relevant personnel?

  • Page 116: Assembly And Electrical Installation

    Assembly and electrical installation Checklist for assembly and electrical installation of the Safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Was assembly completed according to the specifications (specifica- tions from the planning phase or according to the user manual)? Was the safety module installed in the control cabinet (IP54)? Do the cable cross sections correspond to the specifications? No.

  • Page 117: C 3 Startup And Parameterization

    Startup and parameterization Checklist for startup and parameterization of the Safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Was startup completed according to the specifications (specifications from the planning phase or according to the user manual)? During startup, is it ensured that any person starting hazardous movements intentionally can only do so with a direct view of the danger zone?

  • Page 118: C 4 Validation

    Validation Checklist for validating the Safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Have all the mandatory requirements for the "Planning" checklist been met? Have all the mandatory requirements for the "Assembly and electrical installation"...
  • Page 119 No. Requirement (mandatory) Remark 20 For PROFIsafe: Is the F_iPar_CRC parameter greater than 0 for all devices? 21 Has it been ensured that any person intentionally starting hazardous movements has a direct view of the danger zone? Date Signature (author) Date Signature (test engineer) GFK-2734...
  • Page 120 User manual IC220SDL840 - May 2018 GFK-2734...
  • Page 121 D Index Abbreviations ............. 1-6 ID code ..............2-17 Actuators Indicators, diagnostic and status ......2-10 Connection options ..........2-9 Input address area........... 2-17 Requirements............2-5 Installation Instructions............4-1 Insulation rating ............1-3 iParameters .............. A-2 Conformance with EMC Directive ......11-8 Consecutive number..........
  • Page 122 PROFIsafe ..............A-2 Address ..............5-1 Validation ..............8-3 Parameterization ..........5-1 VersaSafe Process data ............2-17 Address..............5-1 Programming data..........2-17 Parameterization..........5-1 PROFIsafe address ..........A-2 Process data ............2-15 PROFIsafe monitoring time ........A-2 Programming data ..........2-17 Protective circuit ............

Table of Contents