Page 1 — OPTIONS FOR ABB DRIVES FSO-21 safety functions module User’s manual...
Page 2 3AUA0000085967 DCS880 firmware manual 3ADW000474 Option manuals and guides ACX-AP-x assistant control panels user’s manual 3AUA0000085685 FSO-21 safety functions module user's manual 3AXD50000015614 FSE-31 pulse encoder interface module user's manual 3AXD50000016597 FENA-01/-11/-21 Ethernet adapter module user’s manual 3AUA0000093568 FPNO-21 PROFINET adapter module user's manual...
Page 3 User’s manual FSO-21 safety functions module Table of contents 1. Safety instructions 8. Installation 12. Start-up  2022 ABB. All Rights Reserved. 3AXD50000015614 Rev H Original instructions EFFECTIVE: 2022-01-07...
Page 5: Table Of Contents
Table of contents 5 Table of contents 1. Safety instructions Contents of this chapter ............13 Use of warnings .
Page 6 6 Table of contents Type designation label ........... 39 Operational characteristics .
Page 7 Table of contents 7 SSE with immediate STO, with speed limit activated SBC ..... . . 115 SSE with time monitoring ..........116 SSE with ramp monitoring .
Page 8 Configuring the ABB AC500-S Safety PLC ........
Page 9 Table of contents 9 Configuring general settings ..........312 How to configure general settings .
Page 10 FSO-21 parameters ........
Page 11 Table of contents 11 Validation of the SBC function ..........468 Validation of the SSE function .
Page 12 12 Table of contents 16. Technical data Contents of this chapter ........... . 515 Electrical data .
Page 13: Safety Instructions
Safety instructions 13 Safety instructions Contents of this chapter The chapter contains the warning symbols used in this manual and the safety instructions which you must obey when you install or connect an option module to a drive or inverter. If you ignore the safety instructions, injury, death or damage can occur.
Page 14: Electrical Safety Precautions
14 Safety instructions Electrical safety precautions These electrical safety precautions are for all personnel who do work on the drive, motor cable or motor. This manual does not give detailed information for disconnecting and isolating all drive types. Refer also to the drive or inverter unit hardware manual. WARNING! Obey these instructions and the safety instructions of the drive.
Page 15 Safety instructions 15 6. Install temporary grounding as required by the local regulations. 7. Ask the person in control of the electrical installation work for a permit to work.
Page 16 16 Safety instructions...
Page 17: Introduction To The Manual
The manufacturer of the machinery always remains ultimately responsible for the product safety and compliance with applicable laws. ABB does not accept any liability for direct or indirect injury or damage caused by the information contained in this document. ABB hereby disclaims all liabilities that may result from this document.
Page 18: Compatible Products
18 Introduction to the manual Compatible products Check the compatibility of the earlier versions with your local ABB representative. See also section FSO module version handling on page 37.  ACS880 drives and option modules • ACS880 series without “No FSO support” sticker •...
Page 19: Controller Stations
• Safe speed estimate: It is not possible to use the safe speed estimate with a DCS880 converter. Thus, the FSO-21 module cannot switch to safe speed estimate in case of an encoder failure but activates the STO function instead.
Page 20: Supported Safety Functions
20 Introduction to the manual Supported safety functions This manual provides instructions for creating the following safety functions (according to EN/IEC 61800-5-2) for the ACS880/DCS880 drives: • Safe torque off (STO) – standard feature in the ACS880/DCS880 drives, see page •...
Page 21 PROFINET. It describes the FSO module states and transitions and the contents of the PROFIsafe messages. The chapter also includes installation instructions, configuration instructions for the ABB AC500-S Safety PLC and Siemens SIMATIC Fail-safe S7 PLC as well as fault tracing tips.
Page 22: Recommended Reading
22 Introduction to the manual Chapter Maintenance (page 507) explains the replacement of the FSO and FSE modules in case of a module failure, gives instructions for reinstalling the FSO module to another drive and updating the firmware of the drive where the FSO is installed.
Page 23 Introduction to the manual 23 Term / Description Abbreviation Number of cycles until 10% of the components fail dangerously (for pneumatic and electromechanical components). (EN ISO 13849-1) Black channel Communication channel that is not safe as it has not been designed and/or validated according to IEC 61508.
Page 24 Pulse encoder interface module which can be used in safety applications FSO-12 Safety functions module which does not support the use of encoders FSO-21 Safety functions module which supports the FSE-31 module and the use of safety encoders Functional safety Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.
Page 25 Introduction to the manual 25 Term / Description Abbreviation hi-Z state In digital outputs, the signal is neither driven to a logical high nor low level. It is “floating”. High-threshold logic IGBT Insulated gate bipolar transistor Internal fault A fault which is detected by FSO module’s internal diagnostics. When an internal fault is detected, the FSO goes into fail-safe mode, activates drive STO, and creates a fault to the drive.
Page 26 26 Introduction to the manual Term / Description Abbreviation Profile Adaptation of the protocol for certain application field, for example, drives. PROFINET An open standard for industrial communication systems that uses the Ethernet standard. Registered trademark of PROFIBUS and PROFINET International (PI) community. PROFIsafe An additional layer on top of the PROFINET protocol for safety-related communication.
Page 27 Introduction to the manual 27 Term / Description Abbreviation Safety related Control function implemented by a SRECS with a specified integrity control function level that is intended to maintain the safe condition of the machine or (SRCF) prevent an immediate increase of the risk(s) Safety related Electrical control system of a machine whose failure can result in an electrical control...
Page 28 28 Introduction to the manual Term / Description Abbreviation Safe torque off (EN/IEC 61800-5-2). In this manual, this term is used in two different contexts: • the STO circuit in the drive (the drive STO function) • the STO safety function in the FSO module. Safety functions in the FSO module (eg, STO, SSE, SS1 and POUS) activate the drive STO function, that is, open the drive STO circuit.
Page 29: Certificates
Term / Description Abbreviation λ Safe failure rate Certificates TÜV Nord certificate for the FSO-21 and ACS880/DCS880 drive series can be found in ABB Library. Check the validity of the certificate with a specific drive variant from the ABB Library.
Page 30 30 Introduction to the manual The PROFIsafe certificate for the FSO-21 module is attached below. Certificate PROFIBUS Nutzerorganisation e.V. grants to ABB Oy Hiomotie 13, 00380 Helsinki, Finland the Certificate No: Z20147 for the PROFIsafe Module: Model Name: FSO-21 Order-Number:...
Page 31: Safety Information And Considerations
Safety information and considerations 31 Safety information and considerations Contents of this chapter This chapter contains general safety considerations and information to be taken into account when applying the FSO safety functions. WARNING! The FSO safety functions module is delivered with the safety functions bypassed by jumper wires in connectors X:113 and X:114 to allow initial drive commissioning without the need to configure safety functions first.
Page 32: Meeting The Requirements Of The Machinery Directive
Intentional misuse Use the FSO and FSE modules according to the instructions given in the user’s manuals. ABB is not responsible for any damage caused by the misuse of the modules. The FSO and FSE modules are not designed to protect a machine against intentional misuse or sabotage.
Page 33: Proof Testing
Safety information and considerations 33 of the system (including drive and the motor) can only be carried out after a proper isolating procedure, which must be obeyed to make sure that the maintained part of the system is properly isolated. ...
Page 34 34 Safety information and considerations...
Page 35: Overview
FSO-21 is a safety option module for ABB ACS880/DCS880 drives, which adds safety functionality, including support for PROFIsafe communication with a safety PLC through an FB module. FSO-21 also supports the use of a safety encoder together with the FSE-31 module.
Page 36: System Description
FSO module.  FSO module and safety system components Example figure of a safety system with the FSO-21 safety functions module, the ACS880-01 drive, a safety PLC, an FB module, an FSE module, switches and buttons. PROFIsafe over PROFINET...
Page 37: Fso Module Version Handling
FSO-21 module has a version handling system. Both the FSO module and the ACS880/DCS880 drive firmware must support the used safety functions. You can always replace the FSO-21 module with a newer revision and use the same configuration file with the new revision. If you replace an FSO-12 module with an FSO-21 module, you have to re-configure the FSO module and safety functions.
Page 38: Layout
38 Overview  Layout No Description 24 V DC input connection Safe torque off (STO) connection Data connection Mounting for drives with ZCU-12 control unit shown. Two mounting points on each side. The screw fixed at 4b also grounds the enclosure of the FSO. Mounting points for drives with other control units may vary.
Page 39: Connections
Last digit of the manufacturing year: 4, 5, … for 2014, 2015, … Manufacturing week: 01, 02, … for week 1, week 2, … SSSS: Integer starting every week from 0001 3 ABB MRP code of the FSO module 4 Combined ABB MRP code, serial number and manufacturing location 5 RoHS mark...
Page 40: Operational Characteristics
40 Overview  Operational characteristics The FSO module monitors that the drive operates within the configured safety limits when safety functions are active, and if the limits are exceeded, activates a safe stopping in the drive within the response time. The safe stopping function activates the drive STO function either immediately or after an emergency ramp.
Page 41: Fso Diagnostics
Overview 41  FSO diagnostics The FSO module performs extensive auto diagnostics tests during the runtime operation on FSO internal parts as well as the communication and STO connection between the FSO and the drive. The FSO goes into the Fail-safe mode if it detects a fault.
Page 42: Acknowledgement
42 Overview Note: ABB recommends to use external devices which are equipped with either a positive mechanical action or force guided contacts. Note: With external test pulses, the length of the pulses shall be 0.5 … 2 ms. Test pulses must be in totally different phasing, and must not overlap.
Page 43: Safety Encoders
Safety pulse encoders are connected to the FSE-31 pulse encoder interface module. The safety pulse encoder delivers pulses to the FSE-31 module which delivers safe speed, direction and position information to the FSO-21 module. The safety encoders supported by the FSE module must fulfill these requirements: •...
Page 44: Safe Position
FSO module needs motor speed feedback to perform safety functions. It can be either a measured speed from a safety encoder or a safe speed estimate. With FSO-12 module only safe speed estimate is available. FSO-21 module supports both safe speed estimate and measured speed from an HTL safety encoder via the FSE-31 encoder interface module.
Page 45 If deceleration is safety-related in the application, use a safety encoder together with the FSO-21 and FSE-31 modules for measuring the motor shaft speed, or use safety functions with ramp monitoring. Note: When the motor shaft speed is below the monitored speed limit, then the motor shaft cannot accelerate over the speed limit, even in the event of motor shaft control loss.
Page 46 WARNING! Applications with external active load must use a safety encoder and FSO-21 and FSE-31 modules. WARNING! In an encoder fault situation, with an external active load, the FSO module is not permitted to switch the feedback from encoder to safe speed estimate (see parameter S_ENCGEN.11).
Page 47 Overview 47 possible effect (unnecessary limit hit) if you do not take the slip into account when defining the trip limits in the FSO module. Motor speed Slip Time - - - Actual speed Safe speed estimate SLS trip limits In the example, the motor torque is 100% during the acceleration and the motor slip is at its maximum value.
Page 48: Overview Of Safety Functions
48 Overview available for both safe speed estimate and safety encoder feedback. The mute time feature can be especially useful with the safe speed estimate because the estimate is more prone to spurious trips caused by for example rapid changes in motor torque. The mute time should be set as short as possible.
Page 49: Safe Brake Control (Sbc)
Overview 49 You can configure this safety function to be similar to the STO (SSE with immediate STO, stop category 0) or SS1 function (SSE with emergency ramp, stop category 1). See sections • SSE with immediate STO on page 107, •...
Page 50: Safely-Limited Speed (Sls)
50 Overview SS1 function and SSE with emergency ramp In these safety functions, you can configure the SBC and STO combination to be activated at a user-defined speed limit while ramping down to zero speed. See sections • SS1 with speed limit activated SBC on page •...
Page 51: Safe Direction (Sdi)
Overview 51  Safe direction (SDI) This safety function monitors that the motor rotates into the correct direction. If the motor rotates into the forbidden direction more than the user-defined SDI tolerance limit allows, the FSO module activates the SSE function and the motor stops. This safety function requires that you use an encoder in the safety application.
Page 52 52 Overview...
Page 53: Safety Functions
Safety functions 53 Safety functions Contents of this chapter This chapter describes how the safety functions of the FSO module operate. The FSO-21 module supports these safety functions: Safety function Stop category Information Page Safe torque off (STO) Stop category 0 STO: standard drive feature...
Page 54: General
54 Safety functions Safety function Stop category Information Page Safe direction (SDI) With time or ramp monitoring Only with an encoder General  Safety function request A safety function can be activated locally from FSO digital inputs, from a safety PLC, in FSO internal fault situations or by another safety function (see section Dependencies between safety functions on page 193).
Page 55: Acknowledgement Methods
Safety functions 55  Acknowledgement methods You can configure the acknowledgement method separately for the power-up, STO (SSE and SS1 always end in drive STO), SLS, SDI and POUS safety functions. The acknowledgement method can be manual or automatic, from a safety PLC via the PROFIsafe communication bus, or either manual or from a safety PLC.
Page 56: Dc Magnetization And Drive Start Modes
56 Safety functions Acknowledgement can be performed if: • A safety function request is not active. • STO: Delay defined by parameter STO.13 Restart delay after STO STO.14 Time to zero speed with STO and modoff has passed. Note: If an SSE or SS1 request is received while the STO function is active, the STO function must be completed before the acknowledgement is allowed.
Page 57: Ramp Monitoring
Safety functions 57 This restriction is relevant only when FSO module is used with the safe speed estimate, not when it is used with the encoder. For more information, see the firmware manual of your drive.  Ramp monitoring The ramp monitoring is configured with five parameters as described below. Ramp monitoring using the ramps Defining the ramp monitoring limits Speed...
Page 58: Safety Function Indications
58 Safety functions Scaling speed: value of parameter 200.202 SAR speed scaling. Speed value that the FSO module uses as a reference point in ramp time calculations. This value and the minimum (A), target (B) and maximum (C) ramp times define fixed slopes for the deceleration ramps that are used in ramp monitoring.
Page 59 Safety functions 59 Status bit indication PROFIsafe status bit indication of the safety function is relevant when the FSO module is part of a PROFIsafe control system. These are safety-related indications. Note: Status and control words (see Status and control words on page 449) are not safety-related indications, and they can be used for monitoring purposes only.
Page 60: Fso Modes
60 Safety functions • SSM indication goes on when the motor speed is in the user-defined range. The FSO module switches off the indication when the monitored speed exceeds the configured limit. • SDI active state is indicated when the motor rotates in the correct direction. The FSO module switches off the indication when the function is acknowledged or the rotation direction changes to the forbidden direction (this also causes the SDI to trip, that is, the FSO module activates the SSE function).
Page 61: Transitions Between Fso Modes And States
Safety functions 61  Transitions between FSO modes and states The following diagram shows the possible transitions during normal operation of the FSO module. • Power down: STO active, power off (below 19 V) • Start-up: STO active, power on (above 19 V), start-up checks performed •...
Page 62: Cascade
62 Safety functions At power-up, the FSO goes into the Start-up mode. During the power-up process, FSO is in Safe state (STO active). It performs start-up checks and, according to the configuration, enters the Operational state either automatically or after an acknowledgement request from the FSO I/O or from a safety PLC.
Page 63 Safety functions 63 Acknowledgement button Automatic Indication lamp acknowledgement Emergency stop Cascade A X114:2 Follower Master Follower X113:1 X113:7 X114:1 Safety Safety Safety Safety Safety Safety function 1 function 1 function 1 function function function X113:2 X113:8 X113:2 X113:2 X113:8 X113:8 X113:4 Safety...
Page 64: Mute Time Feature
64 Safety functions You can configure one or two safety functions in the same cascaded system (Cascade A and Cascade B). If the whole cascaded system must trip after reaching a trip limit of any safety function, or with a safety fieldbus failure, you must cascade the SSE function.
Page 65 Safety functions 65 The function-specific mute time for SMS is activated with a separate parameter FSOGEN.39 Enable SMS mute time. After the parameter FSOGEN.39 has been activated, the mute time parameter SMS.17 Mute time for SMS is used in limit hit situations for the SMS function.
Page 66 66 Safety functions SLS function is requested from higher speed than the SLS limit. Monitoring start situation Limit hit situation Zero speed situation Monitoring start Limit hit (E) Zero speed delay delay (D) time (F) Without encoder FSOGEN.31 FSOGEN.31 FSOGEN.31 Function-specific mute times disabled Without encoder...
Page 67: Safe Torque Off (Sto)
Safety functions 67 Safe torque off (STO) The STO function brings the machine safely into a no-torque state and/or prevents it from starting accidentally. The STO function in the FSO module activates the drive STO function, that is, opens the STO circuit in the drive. This prevents the drive from generating the torque required to rotate the motor.
Page 68: Sto Function
68 Safety functions  STO function The operation of the STO function when the SBC is not used is described in the time diagrams and tables below. For configuration, see section How to configure STO page 331. Without an encoder Motor speed STO.14 STO.13...
Page 69 Safety functions 69 Step Description After the acknowledgement, the STO function is deactivated. The indications STO output (STO.21) and STO completed output (STO.22) go off. With an encoder Motor speed STO.13 Time STO request Drive STO state & indication STO completed indication Zero speed with encoder (parameter FSOGEN.52): Speed limit at which the motor has stopped, the safety function is completed and the STO completed indication (parameter...
Page 70 70 Safety functions Step Description After the acknowledgement, the STO is deactivated. The indications STO output (STO.21) and STO completed output (STO.22) go off.
Page 71: Sbc After Sto
Safety functions 71  SBC after STO The operation of the SBC after the STO function (positive SBC delay) is described in the time diagrams and tables below. For configuration, see section How to configure SBC after STO on page 333. Without an encoder Motor speed SBC.12...
Page 72 72 Safety functions Step Description The STO request is received (for example, from the I/O). The FSO activates the drive STO and starts counters for times A and C. STO active indication parameter STO output (STO.21) goes on. After time C has elapsed, the acknowledgement becomes allowed as soon as the STO request has been removed (step 5).
Page 73 Safety functions 73 Restart delay after STO (parameter STO.13): Time from the STO activation to the moment when the acknowledgment becomes allowed. With this parameter, you can allow a restart of the drive before the motor has stopped (fly-start). You can use this feature only in certain applications.
Page 74: Sbc Before Sto
74 Safety functions  SBC before STO The operation of the SBC before the STO function (negative SBC delay) is described in the time diagrams and tables below. For configuration, see section How to configure SBC before STO on page 335. The reason to use a negative SBC delay is to have the mechanical brake closed just before the drive STO circuit is opened.
Page 75 Safety functions 75 Step Description The STO request is received (for example, from the I/O). The FSO activates the SBC function (brake) and starts counters for times A and B. STO active indication parameter STO output (STO.21) goes on. After time C has elapsed, the SBC starts to brake the motor. After time A has elapsed, the FSO activates the drive STO.
Page 76 76 Safety functions With an encoder Motor speed SBC.12 Time STO request Drive STO state & indication SBC output STO completed indication Zero speed with encoder (parameter FSOGEN.52): Speed limit at which the motor has stopped, the safety function is completed and the STO completed indication (parameter STO.22) goes on.
Page 77: Sto With Speed Limit Activated Sbc
Safety functions 77  STO with speed limit activated SBC This safety function requires that you use an encoder in the safety application. The operation of the STO with speed limit activated SBC is described in the time diagram and table below. For configuration, see section How to configure STO with speed limit activated SBC on page 337.
Page 78 78 Safety functions Step Description The STO request is received (for example, from the I/O). The FSO activates the drive STO function. STO active indication parameter STO output (STO.21) goes on. After time C has elapsed, the acknowledgement becomes allowed as soon as the STO request has been removed (step 5).
Page 79: Safe Stop 1 (Ss1)
Safety functions 79 Safe stop 1 (SS1) The SS1 function stops the motor safely by ramping down the motor speed. The FSO activates the drive STO function below a user-defined zero speed limit. The FSO monitors the stop ramp either with the time or ramp monitoring method (SS1 function types SS1-t and SS1-r, respectively).
Page 80: Ss1 With Time Monitoring (Ss1-T)
80 Safety functions  SS1 with time monitoring (SS1-t) The operation of the SS1 with time monitoring (SS1-t) is described in the time diagrams and tables below. For configuration, see section How to configure SS1 with time monitoring (SS1-t) on page 340. With a safe speed estimate Motor speed SS1.14...
Page 81 Safety functions 81 Step Description The SS1 request is received (for example, from the I/O). The FSO starts a counter for time A. SS1 active indication parameter SS1 output (SS1.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 82 82 Safety functions With an encoder Motor speed SS1.14 - -> Safe torque off (STO) Time SS1 request Drive STO state & indication SS1 state & indication SS1 completed indication SS1-t delay for STO (parameter SS1.14): Time after which the FSO activates the STO function regardless of the motor speed.
Page 83 Safety functions 83 Step Description The SS1 request is received (for example from the I/O). The FSO starts a counter for time A. SS1 state indication parameter SS1 output (SS1.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 84: Ss1 With Ramp Monitoring (Ss1-R)
84 Safety functions  SS1 with ramp monitoring (SS1-r) The operation of the SS1 with ramp monitoring (SS1-r) is described in the time diagrams and tables below. For configuration, see section How to configure SS1 with ramp monitoring (SS1-r) on page 342. With a safe speed estimate Motor speed - ->...
Page 85 Safety functions 85 Step Description The SS1 request is received (for example, from the I/O). After time B has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 86 86 Safety functions With an encoder Motor speed - -> Safe torque off (STO) Time SS1 request Drive STO state & indication SS1 state & indication SS1 completed indication SAR1 monitoring Zero speed with encoder (parameter FSOGEN.52): Speed limit for activating the drive STO function.
Page 87 Safety functions 87 Step Description The SS1 request is received (for example, from the I/O). After time B has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 88: Ss1 With Speed Limit Activated Sbc
88 Safety functions  SS1 with speed limit activated SBC In these examples, the SBC and drive STO functions are activated at a user-defined speed limit. With time monitoring (SS1-t) The operation of the SS1-t function with speed limit activated SBC is described in the time diagrams and tables below.
Page 89 Safety functions 89 Step Description The SS1 request is received (for example, from the I/O). The FSO starts a counter for time B. SS1 state indication parameter SS1 output (SS1.21) goes on. After time D has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 90 90 Safety functions With an encoder Motor speed SS1.14 - -> Safe torque off (STO) Time SS1 request Drive STO state & indication SBC output SS1 state & indication SS1 completed indication SBC speed (parameter SBC.15): Speed limit below which the FSO activates the SBC (brake) and drive STO functions while ramping.
Page 91 Safety functions 91 Step Description The SS1 request is received (for example, from the I/O). The FSO starts a counter for time C. SS1 state indication parameter SS1 output (SS1.21) goes on. After time D has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 92 92 Safety functions With ramp monitoring (SS1-r) The operation of the SS1-r function with speed limit activated SBC is described in the time diagrams and tables below. For configuration, see section How to configure SS1 with speed limit activated SBC on page 343.
Page 93 Safety functions 93 Step Description The SS1 request is received (for example, from the I/O). After time C has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 94 94 Safety functions With an encoder Motor speed - -> Safe torque off (STO) Time SS1 request Drive STO state & indication SBC output SS1 state & indication SS1 completed indication SAR1 monitoring SBC speed (parameter SBC.15): Speed limit below which FSO activates the SBC (brake) and drive STO functions while ramping.
Page 95 Safety functions 95 Step Description The SS1 request is received (for example, from the I/O). After time B has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 96: Ss1 With Speed Limit Activated Sbc, Sbc Before Sto
96 Safety functions  SS1 with speed limit activated SBC, SBC before STO In these examples, the SBC function is activated at a user-defined speed limit and drive STO function after a user-defined delay (negative SBC delay). The reason to use a negative SBC delay (parameter SBC.12) is to have the mechanical brake closed just before the drive STO circuit is opened.
Page 97 Safety functions 97 Step Description The SS1 request is received (for example, from the I/O). The FSO starts a counter for time B. SS1 state indication parameter SS1 output (SS1.21) goes on. After time E has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 98 98 Safety functions With an encoder Motor speed SS1.14 - -> Safe torque off (STO) SBC.12 Time SS1 request Drive STO state & indication SBC output SS1 state & indication SS1 completed indication SBC speed (parameter SBC.15): Speed limit below which the FSO activates the SBC (brake).
Page 99 Safety functions 99 Step Description The SS1 request is received (for example, from the I/O). The FSO starts a counter for time C. SS1 state indication parameter SS1 output (SS1.21) goes on. After time E has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 100 100 Safety functions With ramp monitoring (SS1-r) The operation of the SS1-r function with speed limit activated SBC, SBC before STO is described in the time diagrams and tables below. For configuration, see section How to configure SS1 with speed limit activated SBC, SBC before STO on page 347.
Page 101 Safety functions 101 Step Description The SS1 request is received (for example, from the I/O). After time D has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 102 102 Safety functions With an encoder Motor speed - -> Safe torque off (STO) SBC.12 Time SS1 request Drive STO state & indication SBC output SS1 state & indication SS1 completed indication SAR1 monitoring SBC speed (parameter SBC.15): Speed limit below which FSO activates the SBC function (brake) while ramping.
Page 103 Safety functions 103 Step Description The SS1 request is received (for example, from the I/O). After time D has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 104: Ss1 Ramp Functions When Drive Modulation Is Lost
104 Safety functions  SS1 ramp functions when drive modulation is lost The operation of SS1-r and -t functions in a situation where drive modulation is lost during the deceleration ramp is described below. The operation of SSE function in this situation is otherwise similar, but SSE indications are shown instead of SS1 indications.
Page 105 Safety functions 105 Step Description The SS1 request is received (for example, from the I/O). The drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp. The FSO starts the SAR1 ramp monitoring (parameters SARx.21 and SARx.22).
Page 106: Safe Stop Emergency (Sse)
106 Safety functions Safe stop emergency (SSE) The SSE function can be configured either with immediate STO or with emergency ramp. With immediate STO The behavior of the SSE with immediate STO is identical to the STO function (see section Safe torque off (STO) on page 67) except that parameter Restart delay after...
Page 107: Sse With Immediate Sto
Safety functions 107  SSE with immediate STO The operation of the SSE with immediate STO function is described in the time diagrams and tables below. For configuration, see section How to configure SSE with immediate STO on page 351. Without an encoder Motor speed STO.14...
Page 108 108 Safety functions With an encoder Motor speed Time SSE request Drive STO state & indication SSE state & indication SSE completed indication Zero speed with encoder (parameter FSOGEN.52): Speed limit at which the motor has stopped, the safety function is completed and the SSE completed indication (parameter SSE.22) goes on.
Page 109: Sse With Immediate Sto, Sbc After Sto
Safety functions 109  SSE with immediate STO, SBC after STO The operation of the SSE with immediate STO, SBC after STO (positive SBC delay) is described in the time diagrams and tables below. For configuration, see section How to configure SSE with immediate STO, SBC after or before STO on page 353.
Page 110 110 Safety functions Step Description The SSE request is received (for example, from the I/O). The FSO activates the drive STO function and starts a counter for time A. SSE active indication SSE output (SSE.21) and STO output (STO.21) go on. After time A has elapsed, the FSO activates the SBC and starts a counter for time B.
Page 111 Safety functions 111 With an encoder Motor speed SBC.12 Time SSE request Drive STO state & indication SSE state & indication SBC output SSE completed indication Zero speed with encoder (parameter FSOGEN.52): Speed limit at which the motor has stopped, the SSE completed indication (parameter SSE.22) goes on and the acknowledgment becomes allowed.
Page 112: Sse With Immediate Sto, Sbc Before Sto
112 Safety functions  SSE with immediate STO, SBC before STO The operation of the SSE with immediate STO, SBC before the STO (negative SBC delay) is described in the time diagrams and tables below. For configuration, see section How to configure SSE with immediate STO, SBC after or before STO page 353.
Page 113 Safety functions 113 Step Description The SSE request is received (for example, from the I/O). The FSO activates the SBC function (brake) and starts counters for times A and B. SSE active indication output (SSE.21) and STO output (STO.21) go on. After time C has elapsed, the SBC starts to brake the motor.
Page 114 114 Safety functions With an encoder Motor speed SBC.12 Time SSE request Drive STO state & indication SSE state & indication SBC output SSE completed indication Zero speed with encoder (parameter FSOGEN.52): Speed limit at which the motor has stopped, the safety function is completed and the SSE completed indication (parameter SSE.22) goes on.
Page 115: Sse With Immediate Sto, With Speed Limit Activated Sbc
Safety functions 115  SSE with immediate STO, with speed limit activated SBC This safety function requires that you use an encoder in the safety application. The operation of the SSE with immediate STO with speed limit activated SBC is described in the time diagram and table below.
Page 116: Sse With Time Monitoring
116 Safety functions  SSE with time monitoring The operation of the SSE with time monitoring is described in the time diagrams and tables below. For configuration, see section How to configure SSE with time monitoring on page 354. With a safe speed estimate Motor speed SSE.15 - ->...
Page 117 Safety functions 117 Step Description The SSE request is received (for example, from the I/O). The FSO starts a counter for time A. SSE active indication SSE output (SSE.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp.
Page 118 118 Safety functions With an encoder Motor speed SSE.15 - -> Safe torque off (STO) Time SSE request Drive STO state & indication SSE state & indication SSE completed indication SSE delay for STO (parameter SSE.15): Time after which the FSO activates the STO function regardless of the motor speed.
Page 119 Safety functions 119 Step Description The SSE request is received (for example, from the I/O). The FSO starts a counter for time A. SSE active indication SSE output (SSE.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp.
Page 120: Sse With Ramp Monitoring
120 Safety functions  SSE with ramp monitoring The operation of the SSE with ramp monitoring is described in the time diagrams and tables below. For configuration, see section How to configure SSE with ramp monitoring on page 355. With a safe speed estimate Motor speed - ->...
Page 121 Safety functions 121 Step Description The SSE request is received (for example, from the I/O). SSE active indication output (SSE.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp. The FSO starts the SAR0 ramp monitoring (parameters SARx.11 and SARx.12).
Page 122 122 Safety functions With an encoder Motor speed - -> Safe torque off (STO) Time SSE request Drive STO state & indication SSE state & indication SSE completed indication SAR0 monitoring Zero speed with encoder (parameter FSOGEN.52): Speed limit for activating the drive STO function.
Page 123 Safety functions 123 Step Description The SSE request is received (for example, from the I/O). SSE active indication output (SSE.21) goes on. After time B has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp. The FSO starts the SAR0 ramp monitoring (parameters SARx.11 and SARx.12).
Page 124: Sse With Speed Limit Activated Sbc
124 Safety functions  SSE with speed limit activated SBC In these examples, the SBC and drive STO functions are activated at a user-defined speed limit. With time monitoring The operation of the SSE with speed limit activated SBC and time monitoring is described in the time diagrams and tables below.
Page 125 Safety functions 125 Step Description The SSE request is received (for example, from the I/O). The FSO starts a counter for time B. SSE active indication SSE output (SSE.21) goes on. After time D has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp.
Page 126 126 Safety functions With an encoder Motor speed SSE.15 - -> Safe torque off (STO) Time SSE request Drive STO state & indication SBC output SSE state & indication SSE completed indication SBC speed (parameter SBC.15): Speed limit below which the FSO activates the SBC (brake) and drive STO functions while ramping.
Page 127 Safety functions 127 Step Description The SSE request is received (for example, from the I/O). The FSO starts a counter for time C. SSE active indication SSE output (SSE.21) goes on. After time D has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp.
Page 128 128 Safety functions With ramp monitoring The operation of the SSE with speed limit activated SBC and ramp monitoring is described in the time diagrams and tables below. For configuration, see section to configure SSE with speed limit activated SBC on page 356.
Page 129 Safety functions 129 Step Description The SSE request is received (for example, from the I/O). SSE active indication output (SSE.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp. The FSO starts the SAR0 ramp monitoring (parameters SARx.11 and SARx.12).
Page 130 130 Safety functions With an encoder Motor speed - -> Safe torque off (STO) Time SSE request Drive STO state & indication SBC output SSE state & indication SSE completed indication SAR0 monitoring SBC speed (parameter SBC.15): Speed limit below which FSO activates the SBC (brake) and drive STO functions while ramping and stops the ramp monitoring.
Page 131 Safety functions 131 Step Description The SSE request is received (for example, from the I/O). SSE active indication output (SSE.21) goes on. After time C has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp. The FSO starts the SAR0 ramp monitoring (parameters SARx.11 and SARx.12).
Page 132: Sse With Speed Limit Activated Sbc, Sbc Before Sto
132 Safety functions  SSE with speed limit activated SBC, SBC before STO In these examples, the SBC function is activated at a user-defined speed limit and drive STO function after a user-defined delay (negative SBC delay). The reason to use a negative SBC delay (parameter SBC.12) is to have the mechanical brake closed just before the drive STO circuit is opened.
Page 133 Safety functions 133 Step Description The SSE request is received (for example, from the I/O). The FSO starts a counter for time B. SSE active indication SSE output (SSE.21) goes on. After time E has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp.
Page 134 134 Safety functions With an encoder Motor speed SSE.15 - -> Safe torque off (STO) SBC.12 Time SSE request Drive STO state & indication SBC output SSE state & indication SSE completed indication SBC speed (parameter SBC.15): Speed limit below which the FSO activates the SBC function (brake).
Page 135 Safety functions 135 Step Description The SSE request is received (for example, from the I/O). The FSO starts a counter for time C. SSE active indication SSE output (SSE.21) goes on. After time E has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp.
Page 136 136 Safety functions With ramp monitoring The operation of the SSE with speed limit activated SBC, SBC before STO and ramp monitoring is described in the time diagrams and tables below. For configuration, see section How to configure SSE with speed limit activated SBC, SBC before STO page 360.
Page 137 Safety functions 137 Step Description The SSE request is received (for example, from the I/O). SSE active indication output (SSE.21) goes on. After time D has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp. The FSO starts the SAR0 ramp monitoring (parameters SARx.11 and SARx.12).
Page 138 138 Safety functions With an encoder Motor speed - -> Safe torque off (STO) SBC.12 Time SSE request Drive STO state & indication SBC output SSE state & indication SSE completed indication SAR0 monitoring SBC speed (parameter SBC.15): Speed limit below which FSO activates the SBC function (brake) while ramping.
Page 139: Sse When Drive Modulation Is Lost During Deceleration Ramp
Safety functions 139 Step Description The SSE request is received (for example, from the I/O). SSE active indication output (SSE.21) goes on. After time D has elapsed, the drive starts to ramp down the motor speed. SAR0 parameter 200.102 defines the deceleration ramp. The FSO starts the SAR0 ramp monitoring (parameters SARx.11 and SARx.12).
Page 140: Safely-Limited Speed (Sls)
140 Safety functions Safely-limited speed (SLS) The SLS prevents the motor from exceeding user-defined speed limits. The drive limits the motor speed so that it stays between the SLS speed limits. If the motor speed is above the user-defined SLS limit when SLS function is activated, the motor speed is first decelerated to the required speed.
Page 141: Sls With Speed Below Monitored Speed
Safety functions 141 user can also set the reaction type and the delay for activating the STO indication after the modulation loss. For this procedure to work, at least the auxiliary power (24 V DC) to the control unit and the FSO module must be on. For more information, see section SLS reaction when modulation is lost during deceleration ramp, with ramp monitoring on page 147.
Page 142 142 Safety functions Step Description The SLS request is received. The motor speed is below the SLS limit positive (B) and the FSO starts the SLS monitoring. The SLS active indication (parameter SLSx.15, SLSx.24, SLSx.34 or SLSx.44) goes on. The drive limits the motor speed so that it does not go above the SLS limit positive.
Page 143: Sls With Time Monitoring And Speed Above Monitored Speed
Safety functions 143  SLS with time monitoring and speed above monitored speed The operation of the SLS function with time monitoring is described in the time diagram and table below. For configuration, see section How to configure SLSn with time monitoring on page 362.
Page 144 144 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The FSO starts the counter for the SLS time delay (C) (parameter SLSx.04). The drive starts to ramp down the motor speed. The drive (parameter 23.13 or 23.15) defines the deceleration ramp until the speed reaches the SLS limit positive (B).
Page 145: Sls With Ramp Monitoring And Speed Above Monitored Speed
Safety functions 145  SLS with ramp monitoring and speed above monitored speed The operation of the SLS function with ramp monitoring is described in the time diagram and table below. For configuration, see section How to configure SLSn with ramp monitoring on page 364.
Page 146 146 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). After time C has elapsed, the drive starts to ramp down the motor speed. The SAR1 parameter 200.112 defines the deceleration ramp until the speed reaches the SLS limit positive (B).
Page 147: Sls Reaction When Modulation Is Lost During Deceleration Ramp, With Ramp Monitoring
Safety functions 147  SLS reaction when modulation is lost during deceleration ramp, with ramp monitoring If SLS function is activated when motor speed is above the SLS trip limit, FSO will force the drive to decelerate to SLS limit. If the drive stops modulation during this deceleration ramp, user can pre-select the reaction of the SLS function (parameter SLSx.05) from the following: •...
Page 148 148 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The SAR1 parameter 200.112 defines the deceleration ramp slope until the speed reaches the SLS limit. The FSO starts the SAR1 ramp monitoring (parameters SARx.21, SARx.22).
Page 149 Safety functions 149 SLS reaction if modulation is lost with Modoff delay time - modulation returns before modoff delay The operation of the SLS function in case of the modulation of the drive is lost during the deceleration ramp and the modulation returns before the Modoff delay time has run out with Modoff delay time selected (parameter SLSx.05 is set to Modoff delay...
Page 150 150 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The SAR1 parameter 200.112 defines the deceleration ramp slope until the speed reaches the SLS limit. The FSO starts the SAR1 ramp monitoring (parameters SARx.21, SARx.22).
Page 151 Safety functions 151 SLS reaction if modulation is lost with Monitoring active The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Monitoring active selected (parameter SLSx.05 is set to Monitoring active) is described in the time diagram and table below.
Page 152 152 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The SAR1 parameter 200.112 defines the deceleration ramp slope until the speed reaches the SLS limit. The FSO starts the SAR1 ramp monitoring (parameters SARx.21, SARx.22).
Page 153 Safety functions 153 SLS reaction if modulation is lost with Monitoring active and modoff delay time - modulation returns The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Monitoring active and modoff delay time selected (parameter SLSx.05 is set to Monitoring active and modoff delay time) is described in the time diagram and table below.
Page 154 154 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The SAR1 parameter 200.112 defines the deceleration ramp slope until the speed reaches the SLS limit. The FSO starts the SAR1 ramp monitoring (parameters SARx.21, SARx.22).
Page 155 Safety functions 155 SLS reaction if modulation is lost with Monitoring and modoff delay time disabled The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Monitoring and modoff delay time disabled selected (parameter SLSx.05 is set to Monitoring and modoff delay time disabled) is described...
Page 156 156 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The SAR1 parameter 200.112 defines the deceleration ramp slope until the speed reaches the SLS limit. The FSO starts the SAR1 ramp monitoring (parameters SARx.21, SARx.22).
Page 157: Sls Reaction When Modulation Is Lost During Deceleration Ramp, With Time Monitoring
Safety functions 157  SLS reaction when modulation is lost during deceleration ramp, with time monitoring SLS reaction if modulation is lost with Modoff delay time The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Modoff delay time selected (parameter SLSx.05 is set to...
Page 158 158 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The FSO starts the SLS time delay (parameter SLSx.04). The drive (parameter 23.13 or 23.15) defines the deceleration ramp until the speed reaches the SLS limit.
Page 159 Safety functions 159 SLS reaction if modulation is lost with Modoff delay time - modulation returns before modoff delay The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp and the modulation returns before the Modoff delay time has run out with Modoff delay time selected (parameter SLSx.05 is set to Modoff delay time)
Page 160 160 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The FSO starts the counter for the SLS time delay (C) (parameter SLSx.04) The drive (parameter 23.13 or 23.15) defines the deceleration ramp until the speed reaches the SLS limit.
Page 161 Safety functions 161 SLS reaction if modulation is lost with Monitoring active The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Monitoring active selected (parameter SLSx.05 is set to Monitoring active) is described in the time diagram and table below.
Page 162 162 Safety functions Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The FSO starts the counter for the SLS time delay (C) (parameter SLSx.04). The drive (parameter 23.13 or 23.15) defines the deceleration ramp until the speed reaches the SLS limit.
Page 163 Safety functions 163 SLS reaction if modulation is lost with Monitoring and modoff delay time disabled The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Monitoring and modoff delay time disabled selected (parameter SLSx.05 is set to Monitoring and modoff delay time disabled) is described...
Page 164 164 Safety functions SLS reaction if modulation is lost with Monitoring and modoff delay time disabled - modulation returns The operation of the SLS function in case the modulation of the drive is lost during the deceleration ramp with Monitoring and modoff delay time disabled selected (parameter SLSx.05 is set to Monitoring and modoff delay time disabled) is described...
Page 165 Safety functions 165 Step Description The SLS request is received. The motor speed is above the SLS trip limit positive (A). The drive starts to ramp down the motor speed. The drive (parameter 23.13 or 23.15) defines the deceleration ramp until the speed reaches the SLS limit.
Page 166: Fso Boot Behavior With Sls Active
166 Safety functions  FSO boot behavior with SLS active When the safe speed estimate is in use, the following boot behavior exists. During FSO module boot, the FSO module has no valid speed data and thus a very high initialization value for motor speed is assumed for internal FSO usage. If an SLS function or variable SLS function is active during FSO reboot and parameter SLSx.05 is configured so that Modoff delay time or Monitoring active is selected, the FSO will...
Page 167: Sls Trip Limit Hits
Safety functions 167  SLS trip limit hits If the motor speed exceeds an SLS trip limit, the FSO activates the SSE function. The operation of SLS and SSE indications in SLS trip limit hit situations are described in the diagrams and tables below. For more information on the SSE function, see section Safe stop emergency (SSE) on page 106.
Page 168 168 Safety functions Step Description The SLS request is received, the motor speed is below the SLS limit positive (B) and the FSO starts the SLS monitoring. The SLS indication (parameter SLSx.15, SLSx.24, SLSx.34 or SLSx.44) goes on. The motor speed goes above the SLS limit positive (B). The motor speed reaches the SLS trip limit positive (A).
Page 169 Safety functions 169 SSE with immediate STO, with an encoder This applies when the SSE function has been configured as “Immediate STO” and an encoder is used. Motor speed - -> Safe stop emergency (SSE) Time SLS request SLS indication SSE state &...
Page 170 170 Safety functions SSE with emergency ramp This applies when the SSE function has been configured as “Emergency ramp” (with ramp monitoring or time monitoring). Motor speed - -> Safe stop emergency (SSE) Time SLS request SLS indication SSE state & indication SSE completed indication...
Page 171 Safety functions 171 Step Description The SLS function is acknowledged and the FSO stops the SLS monitoring. The SSE function is acknowledged with the same acknowledgement. The indications go off.
Page 172: Variable Safely-Limited Speed (Sls)
172 Safety functions Variable Safely-limited speed (SLS) This safety function requires that FSO communicates with a safety-capable PLC via PROFIsafe over PROFINET. For more information, see chapter PROFIsafe. The SLS function prevents the motor from exceeding user-defined speed limits. With the Variable SLS function, the speed limits are scaled with a safety PLC via PROFIsafe bus and can be changed on the fly.
Page 173: Variable Sls With Time Monitoring
Safety functions 173  Variable SLS with time monitoring In Variable SLS with time monitoring, the ramp according to which the drive decelerates the motor to different speeds is monitored using the time monitoring method. Drive parameters define the deceleration ramp. If the motor speed is accelerated, drive parameters define the acceleration ramp and it is not monitored.
Page 174 174 Safety functions Step Description The Variable SLS request is received again from the safety PLC (for example, 50%). The FSO sends a request to the drive to ramp down the motor speed to the new speed limit. The FSO starts a counter for the SLS time delay (B). Note: The FSO continues to monitor the existing Variable SLS limits until the new speed limit has been reached.
Page 175: Variable Sls With Ramp Monitoring
Safety functions 175  Variable SLS with ramp monitoring In Variable SLS with ramp monitoring, the ramp according to which the drive decelerates the motor to different speeds is monitored using the ramp monitoring method (SAR1 parameters of the FSO module). Drive or SAR1 parameters define the deceleration ramp.
Page 176 176 Safety functions Step Description The Variable SLS request is received again from the safety PLC (for example, 50%). The FSO sends a request to the drive to ramp down the motor speed to the new speed limit. After time B has elapsed, the drive starts to ramp down the motor speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 177: Safe Maximum Speed (Sms)
Safety functions 177 Safe maximum speed (SMS) The SMS function is used to protect the machine from too high speeds/frequencies. You can configure it to be permanently on or off. There are two different versions of the SMS function: 1. Version 1: If the motor speed reaches the minimum or the maximum SMS trip limit, the FSO module activates the SSE function.
Page 178: Sms Function, Version 1
178 Safety functions  SMS function, version 1 The operation of the SMS function, version 1 is described in the time diagram and table below. For configuration, see section How to configure SMS, version 1 page 374. Motor speed - -> Safe stop emergency (SSE) Time Drive STO state...
Page 179: Sms Function, Version 2
Safety functions 179  SMS function, version 2 The operation of the SMS function, version 2 is described in the time diagram and table below. For configuration, see section How to configure SMS, version 2 page 375. Motor speed Time SMS trip limit positive (parameter SMS.14) SMS trip limit negative (parameter SMS.13) SMS limit positive (parameter 200.73)
Page 180: Prevention Of Unexpected Start-Up (Pous)
180 Safety functions Prevention of unexpected start-up (POUS) The POUS function prevents the machine from starting unexpectedly. The POUS function activates the Safe torque off (STO) function in the drive. WARNING! The situations in which you can use the POUS function must always be based on a risk assessment (see IEC 60204-1:2016).
Page 181 Safety functions 181 Step Description The user stops the motor. The user activates the POUS function. The FSO activates the drive STO function and starts a counter for time A. The POUS active indication (parameter POUS.21) and the STO active indication (parameter STO.21) become active. Note: If the user activates the POUS function when the motor is running, the FSO activates the drive STO function, generates a fault (7A97) and the motor coasts to a stop.
Page 182: Safe Speed Monitor (Ssm)
182 Safety functions Safe speed monitor (SSM) The SSM function provides a safe output signal to indicate whether the motor speed is between user-defined limits. There are four separate SSM functions (SSM1...SSM4) with separate monitoring limits and indications. Several SSM functions can be active at the same time.
Page 183 Safety functions 183 Step Description The SSM1 request is received (for example, from the I/O) and the FSO starts the SSM1 monitoring. The motor speed is between the SSM1 limit positive (A) and SSM1 limit positive (B). The SSM1 indication goes on. The motor speed goes above the SSM1 limit positive (A), the SSM1 indication goes off.
Page 184: Ssm With A Safe Speed Estimate
184 Safety functions  SSM with a safe speed estimate This section describes situations when an encoder is not used and the drive stops modulating when the SSM monitoring is on. Case A: This applies when the drive stops modulating after the SSM monitoring limit has been reached.
Page 185 Safety functions 185 Case B: This applies when the drive stops modulating before the SSM monitoring limit has been reached. Motor speed STO.14 Time SSM1 request SSM1 state & indication (3a) SSM1 state & indication (3b) SSM1 limit positive (parameter SSMx.13) SSM1 limit negative (parameter SSMx.12) Time to zero speed (parameter STO.14): When the drive stops modulating, SSM1 indication goes on after this delay.
Page 186: Safe Direction (Sdi)
186 Safety functions Safe direction (SDI) This safety function requires that you use an encoder in the safety application. The SDI function monitors that the motor rotates into the correct direction. There are separate functions to monitor the positive and negative directions. You can activate them separately.
Page 187 Safety functions 187 Step Description The SDI positive request is received (for example, from the I/O) and the FSO starts the SDI monitoring. The SDI active indication goes on. The motor rotates to the correct direction (in this case, positive). The motor stops.
Page 188: Sdi With Time Monitoring
188 Safety functions  SDI with time monitoring This applies when the motor rotates into the forbidden direction when the SDI function is activated and the time monitoring method is used. The SDI positive function is used as an example. Motor speed SDI.12 - ->...
Page 189 Safety functions 189 Step Description The SDI positive request is received (for example, from the I/O). The motor rotates into the forbidden direction (in this case, negative). The drive starts to decelerate the motor speed to zero speed. The drive (parameter 23.13 or 23.15) defines the deceleration ramp.
Page 190: Sdi With Ramp Monitoring
190 Safety functions  SDI with ramp monitoring This applies when the motor rotates into the forbidden direction when the SDI is activated and the ramp monitoring method is used. The SDI positive function is used as an example. Motor speed Time - ->...
Page 191 Safety functions 191 Step Description The SDI positive request is received (for example, from the I/O). The motor rotates into the forbidden direction (in this case, negative). The drive starts to decelerate the motor speed to zero speed. SAR1 parameter 200.112 defines the deceleration ramp.
Page 192: Sdi Trip Limit Hits
192 Safety functions  SDI trip limit hits This applies to SDI trip limit hit situations, that is, when the motor rotates too much to the forbidden direction while the SDI monitoring is on. The SDI positive function is used as an example. Note: This diagram shows the position of the motor shaft (not the motor speed).
Page 193: Priorities Between Safety Functions
The POUS function is independent of other safety functions. If you activate the POUS function when another safety function is active (for example, during a deceleration ramp), it can disturb the performance of the other safety function. ABB recommends that you do not activate the POUS function when the motor is running.
Page 194 194 Safety functions...
Page 195: Profisafe
PROFINET. It describes the FSO module states and transitions and the contents of the PROFIsafe messages. The chapter also includes installation instructions, configuration instructions for the ABB AC500-S Safety PLC and Siemens SIMATIC Fail-safe S7 PLC and fault tracing tips.
Page 196: System Description
Tools • Drive composer pro: version 1.7 or later • For ABB PLCs: Automation builder: 1.0 or later (includes PS501 Control Builder Plus version 2.3.0), safety license PS501-S • For Siemens PLCs: SIMATIC Step 7 V5.5 + S7 Distributed Safety V5.4 and...
Page 197: System Overview
F-Input data Status Byte The FSO-21 safety functions module and the FB module are installed on the ACS880 drive. The safety PLC is connected to the FB module, which communicates with the FSO module. The safety PLC activates safety functions via the PROFIsafe communication bus.
Page 198 F-Parameters are sent from the F-Host (safety PLC) to the F-Device (FSO module) when the PROFIsafe connection is created. They contain the PROFIsafe addresses and the watchdog time for the PROFIsafe connection. Note: ABB recommends that you use only PROFINET compatible Ethernet switches and cables in the PROFIsafe communication bus.
Page 199: Remote I/O Control
PROFIsafe 199 Remote I/O control You can control the FSO module outputs and read input information also from the safety PLC. A request to activate or deactivate an output is sent from the safety PLC (PROFIsafe controller) to the FSO module in a PROFIsafe message. See section FSO PROFIsafe profiles on page 201.
Page 200: Profisafe Description
200 PROFIsafe PROFIsafe description  PROFIsafe message format The FSO module supports only the PROFIsafe short frame format. The short frame supports a maximum of 12 octets of user data. The frame also includes a CRC (3 octets) and one Status/Control Byte octet. Therefore, the maximum frame size of the message is 16 octets.
Page 201: Fso Profisafe Profiles
FSO PROFIsafe profiles The content of the F-Input and F-Output user data is configured with FSO specific PROFIsafe profiles. The FSO-21 module supports the ABB_PS1 and ABB_PS2 profiles. The ABB_PS1 profile provides the functionality to control and monitor the safety functions, the SLS limits, the safe speed value and the states of the FSO I/O.
Page 202 202 PROFIsafe ABB_PS1 profile F-Output user data This table shows the bit order of the F-Output data, which is included in the PROFIsafe message sent to the FSO module from the safety PLC. For all the bits in the F-Output data, one (1) means active and zero (0) non-active. Type Octet Bit Name Description...
Page 203 PROFIsafe 203 Type Octet Bit Name Description Unsig Variable_SLS_req Variable SLS (Safely-limited speed) activation ned16 uest requested by the controller and the Variable SLS (used limit is valid. Reserved Must not be used (must be 0). bits) SF_end_ack Safety function ending acknowledgement = 1, no acknowledgement = 0.
Page 204 “0”. In these cases, you can read the FSO state from: • Siemens PLC: bits QBAD and PASS_OUT in the PROFIsafe data block • ABB PLC: bit Device_Fault in the PROFIsafe data structure. See also section FSO module modes and states on page 212.
Page 205 PROFIsafe 205 Type Octet Bit Name Description Unsig Speed_feedback_ty Active speed feedback ned16 0=Estimate is active (used 1=Encoder is active Note: This value should only be used for octet 5 bits) bit 3 Speed_Pos_value_valid interpretation, that is, to determine if the position value is valid or not (octet 8 and 9).
Page 206 206 PROFIsafe Type Octet Bit Name Description Unsig SF_end_ack_req Safety function ending acknowledgement ned16 requested = 1, (used no acknowledgement requested = 0. Acknowledgement can be done via PROFIsafe. bits) Note: These values are indicative only and shall not be used for safety-related decisions about safety function states (there are other ways to safely determine the state of a function, for example, using SS1 to check octet 0 bit 4 and...
Page 207 PROFIsafe 207 Type Octet Bit Name Description Intege Safe_speed_MSB The current motor speed value from FSO (MSB). Intege Safe_speed_LSB The current motor speed value from FSO (LSB). The safety PLC must ignore the value of the reserved bits. This ensures the compatibility with future versions of the PROFIsafe profile where the reserved bits may be used.
Page 208 208 PROFIsafe Type Octet Bit Name Description Unsig Variable_SLS_req Variable SLS (Safely-limited speed) activation ned16 uest requested by the controller and Variable SLS limit is (used valid. Reserved Must not be used (must be 0). bits) SF_end_ack Safety function ending acknowledgement = 1, no acknowledgement = 0.
Page 209 “0”. In these cases, you can read the FSO state from: • Siemens PLC: bits QBAD and PASS_OUT in the PROFIsafe data block • ABB PLC: bit Device_Fault in the PROFIsafe data structure. See also section FSO module modes and states on page 212.
Page 210 210 PROFIsafe Type Octet Bit Name Description Unsig Speed_feedback_ty Active speed feedback ned16 0=Estimate is active (used 1=Encoder is active Note: This value should only be used for octet 5 bits) bit 3 Speed_Pos_value_valid interpretation, that is, to determine if the position value is valid or not (octet 8 and 9).
Page 211 PROFIsafe 211 Type Octet Bit Name Description Unsig SF_end_ack_req Safety function ending acknowledgement ned16 requested = 1, no acknowledgement requested = (used 0. Acknowledgement can be done via PROFIsafe. Note: These values are indicative only and shall bits) not be used for safety-related decisions about safety function states (there are other ways to safely determine the state of a function, for example, using SS1 to check octet 0 bit 4 and...
Page 212: Fso Module Modes And States
212 PROFIsafe Type Octet Bit Name Description Intege Safe_speed_MSB The current motor speed value from the FSO (MSB). Intege Safe_speed_LSB The current motor speed value from the FSO (LSB). Intege Safe_position_MSB Safe position value (MSB). Intege Safe_position_LSB Safe position value (LSB). The safety PLC must ignore the value of the reserved bits.
Page 213 PROFIsafe 213 State diagrams Overview of states and transitions in the FSO module during normal operation. Internal fault Drive composer pro Power down Start-up Fail-safe Configuration Safe Safe (User (Module acknowledgement passivation) request) Operational Safe (Module passivation with a command) Safe (Module passivation &...
Page 214 214 PROFIsafe Overview of states and transitions in the FSO module when fatal errors in the FSO module occur or when cycling power of the FSO module. Configuration Start-up Fail-safe Safe Safe (User (Module acknowledgement passivation) request) Operational Safe Safe (Module (Module passivation passivation with...
Page 215 PROFIsafe 215 Description of states This table describes the FSO module states and how the states are shown in the PROFIsafe messages. The Status Byte and the profiles are described in detail in sections Status Byte and CRC2 bit order on page FSO PROFIsafe profiles on page 201.
Page 216 216 PROFIsafe State Description Operational PROFIsafe communication is up and running. The safety application is running without any detected errors. PROFIsafe Status Byte bits in the F-Host for the FSO module: • OA_Req_S = 0 • FV_activated_S = 0 • Device_Fault = 0 ABB_PS1 or ABB_PS2 profile bits in the F-Host for the FSO module: •...
Page 217 PROFIsafe 217 State Description Safe PROFIsafe communication is up and running. The FSO application is (Module running with detected errors. passivation & At least one of the active safety functions has encountered an error. For reintegration) example, the SLS1 function is active and its speed limits are violated. The drive is stopped using the configured method.
Page 218 218 PROFIsafe State Description Safe (Module The FSO application is running and there has been an error in the passivation) PROFIsafe communication. The FSO module and, as a result, all its I/O channels are passivated. Possible reasons for module passivation are: 1.
Page 219 PROFIsafe 219 State Description Safe (Module PROFIsafe communication is up and running. The FSO application is passivation with a running without any detected errors. command) The FSO module and all its I/O channels are passivated because the safety application on the safety PLC requested a module passivation (activate_FV_C = 1 was set).
Page 220 220 PROFIsafe State Description Fail-safe The FSO application keeps the system in the Fail-safe mode. PROFIsafe communication is up and running. This state is reached if a fatal error (for example, CPU test, RAM test, I/O channel test etc. failed) takes place. The drive is stopped using the configured method.
Page 221 PROFIsafe 221 Transitions between states This table describes the transitions between the FSO module states. The numbering of the transitions refer to the transitions shown in the state diagrams on page 213. From Description Start-up Safe (Module The FSO module goes to this state directly after passivation Start-up during a normal start-up.
Page 222 222 PROFIsafe From Description Safe (Module Fail-safe Fatal error(s) (CPU test, RAM test, etc. failed) passivation & detected. reintegration) Safe (Module Fail-safe Fatal error(s) (CPU test, RAM test, etc. failed) passivation) detected. Safe (Module Start-up The FSO module goes to this state by cycling passivation &...
Page 223 PROFIsafe 223 From Description Safe (Module Safe (User Command “activate_FV_C = 0” has been passivation with a acknowledgem received and “OA_Req_S = 1”. command) ent request) Safe (Module Fail-safe Fatal error(s) (CPU test, RAM test, etc. failed) passivation with a detected.
Page 224: Profisafe Response Time
224 PROFIsafe  PROFIsafe response time The safety function response time (SFRT) is the time within which the safety system must react after an error has occurred in the system. SFRT is also the maximum time within which the safety system must respond to a change in the input signals.
Page 225 Instead of WCDT values, the calculation uses watchdog times. See AC500-S Safety User Manual (3ADR025091M0207 [English]) for details. For example, when using the ABB AI581-S as the input device, the SM560-S safety PLC and the FSO module as the output device, SFRT can be calculated as follows: SFRT = Device_WD1 + 0.5 x F_WD_Time1 + F_Host_WD + 0.5 x F_WD_Time2...
Page 226: Profisafe Watchdog Time
PROFIsafe frame using the currently available process values. 2. Bus time is the time it takes when the PROFIsafe frame is transmitted from the F-Device (FSO module) to the F-Host (such as the ABB SM560-S safety controller station) through the "black channel".
Page 227 PROFIsafe 227 Calculating the watchdog time It is not always easy to calculate the worst-case delay time of “black channel” components. See AC500-S Safety User Manual (3ADR025091M0207 [English]) for a proposed method of tracing the actual PROFIsafe cycle times in a real system. You must then set F_WD_Time about 30% higher than the worst-case value in variable tResponseTimeMS (in the AC500-S safety program) for the given safety device.
Page 228: Installation
228 PROFIsafe Installation Installation procedure: 1. Install the FSO safety functions module to the drive, see chapters Planning for installation Installation and the drive hardware manual. 2. Install the FB module to the drive. See the appropriate manual: • FENA-01/-11/-21 Ethernet adapter module user’s manual (3AUA0000093568 [English]), or •...
Page 229: Configuration
PROFIsafe 229 Configuration  Configuring the FB module You can use either the drive control panel or the Drive composer pro PC tool to modify the settings of the FB module. Note: This section describes only the most important configuration steps. For more detailed information, see FPNO-21 PROFINET fieldbus adapter module user’s manual (3AXD50000158614 [English]), FENA-01/-11/-21 Ethernet adapter module user’s manual (3AUA0000093568 [English]) and the drive firmware manual.
Page 230: Configuring The Fso Module
51/54.02 FBA A/B PAR2 Selects one of the PNIO profiles. (PROTOCOL/ PROFILE) PNIO ABB Pro Profile PNIO ABB Pro is selected 51/54.03 FBA A/B PAR2 Sets the Ethernet communication rate. (COMMRATE) Auto Ethernet communication rate is negotiated automatically by the device.
Page 231: Configuring The Safety Plc
For detailed information on the passwords and access permissions in Automation Builder, see the AC500-S Safety PLC user manual. You can find the complete documentation of ABB PLCs and Automation Builder 2.0 application in www.abb.com/PLC.
Page 232 ABB Document library. See section Downloading the GSD file on page 231. 1. Start the ABB Automation Builder application. 2. On the Tools menu, select Device Repository. 3. In the window that opens, click Install... and browse for the GSD file.
Page 233 PROFIsafe 233 5. After creating the project, the following view is shown. Add the necessary controller devices to the PLC project. Next, add the necessary controller devices to the PLC project. First add the safety controller to slot 1 (make sure that the physical controller is in the same slot). Right- click on the slot, select Add object, and pick the SM560-S safety controller from the list.
Page 234 234 PROFIsafe Note: When adding the safety controller, a login screen will appear. The default login information is: User name: Owner Password: (empty) Next, in the same way, add the CM579-PNIO PROFINET master to slot 2.
Page 235 PROFIsafe 235 Note: Make sure that the “Enable debug” setting is On for the safety controller station, if you want to view or debug the PLC program after the download. Controller station Safety controller station PROFINET controller 6. Right-click on the PROFINET controller CM579-PNIO-Master and add the FENA module to the PROFINET IO network.
Page 236 236 PROFIsafe...
Page 237 PROFIsafe 237 7. Add the desired I/O module, for example, “PPO Type 4” to the first slot of the FENA module to define cyclic communication between the module and the PLC. 8. Add the PROFIsafe module “PROFIsafe ABB_PS1” to the second slot of the FENA module to define cyclic communication between the module and the PLC.
Page 238 238 PROFIsafe 9. Define the PROFINET controller (CM579-PNIO) properties, such as the IP address and IP address settings for devices: • Select PNIO_Controller. • On the PROFINET I/O Controller tab, define the necessary IP addresses. 10. Define the FENA properties: •...
Page 239 PROFIsafe 239 • In the advanced settings, create a new local profile with the following parameters: • Next open the CoDeSys safety program and choose Communication...
Page 240 240 PROFIsafe parameters from the Online drop down menu. • Now create a new profile and fill in the following parameters: • Next check that your network adapter is in the same subnet. Open the...
Page 241 PROFIsafe 241 Windows network and sharing center and click on the network adapter. • Navigate to the IPv4 properties. • Finally, set your subnet to the same range as the PLC. Check that the IP address is not in use on the network.
Page 242 242 PROFIsafe 12. Create configuration data for safety and non-safety. Note: The PROFIsafe source and destination addresses have to be different in order for the configuration process to work. Also, when creating safety data, some libraries will have to be created.
Page 243 PROFIsafe 243 13. Return to the PROFINET controller (CM579-PNIO) properties. On the Assign I/O Device Name tab: • Click Connect to PLC (Login) and select the communication link used between Automation Builder and the PLC. • Click Scan to find all PROFINET devices connected to the network. •...
Page 244 244 PROFIsafe 15. Define the PROFIsafe module properties: • Select the PROFIsafe module PROFIsafe_ABB_PS1. On the F-Parameter tab, modify the PROFIsafe safety parameters. Three of the listed parameters can be modified for FENA: • F_Source_Add is the address of the safety controller station (in this example, AC500 SM560-S).
Page 245 PROFIsafe 245 These two define the codename for the PROFIsafe relationship of this particular FENA module and the safety controller station. • F_WD_Time is the PROFIsafe watchdog time. See section Calculating the watchdog time on page for instructions on how to calculate the correct watchdog time.
Page 246 246 PROFIsafe WARNING! Do not use this safety program in real safety applications. This safety program is shown only as an example and can only be used for trial purposes. Note: This example program also keeps the SLS3 function active all the time.
Page 247 PROFIsafe 247 21. For the “non-safety” program: • In the Project menu, select Build. • In the Online menu, select Login. Note: If there are communication problems at this point, select Communication parameters... from the Online menu. Note: To make sure that the program is downloaded to the PLC (even when no changes have been made), select Clean all from the Project menu.
Page 248 248 PROFIsafe Monitoring the PROFIsafe message It is possible to monitor the contents of the PROFIsafe message. For example: 1. Check the variable values in the Current Value column on the PNIO Module I/O Mapping tab.
Page 249: Configuring The Siemens Simatic Fail-Safe S7 Plc
(S7 Distributed Safety - configuring and programming, Programming and Operating Manual, 07/2013, A5E00109537-05). Before you start, make sure that you have downloaded the FENA GSD file from the ABB Document library. See section Downloading the GSD file on page 231.
Page 250 5. When you install the controller station to the rail, select Industrial Ethernet as the subnet for the controller station. 6. Install the FENA GSD file: • In the Options menu, select Install GSD Files. • Browse for the GSD file that you downloaded from the ABB Document library. • Click Install.
Page 251 PROFIsafe 251 Note: In some versions of the SIMATIC environment, you have to close the whole SIMATIC program and open it again to make the new GSD file visible in the object catalogue. 7. Click and drag the FENA object from the device catalog to the Ethernet (1): PROFINET-IO-System.
Page 252 252 PROFIsafe 8. Click and drag the desired I/O object, for example PPO Type 4, to the first slot of the FENA module to define cyclic standard communication between the module and the PLC. 9. Click and drag the PROFIsafe object PROFIsafe ABB_PS1 to the second slot of the FENA module to define cyclic safety communication between the module and the PLC.
Page 253 PROFIsafe 253 11. On the General tab, type the Device name for the adapter module (in this example, drive1). This is the IP address that will be assigned to the FENA adapter module. To modify the IP address, click the Ethernet button. The IO controller assigns the IP address.
Page 254 254 PROFIsafe 14. Type a name for the I/O object (in this example, PROFIsafe ABB_PS1). 15. On the Parameters tab, configure the Stop mode and Control-zero mode functions, and define Fail safe values for the PLC output process data (PZDs).
Page 255 PROFIsafe 255 16. Assign the device name (defined in step 11) to the adapter module: • In the hardware configuration, click FENA. • In the PLC menu, select Ethernet, and select Assign Device Name. • Click the Update button. • Click the available device with the correct MAC address to which the device name will be assigned.
Page 256 256 PROFIsafe 17. Check F-Parameters for the controller: • In the hardware configuration, double-click the controller station (for example, CPU 319F-3). • Select the F Parameters tab. • When prompted, give the password for the Safety Program. See the documentation of the SIMATIC system for details. •...
Page 257 PROFIsafe 257 18. Set F-Parameters of the FENA module: • In the hardware configuration, double-click PROFIsafe ABB_PS1 to open the Properties window. • On the PROFIsafe tab, modify the F_Dest_Add and F_WD_Time values as needed. • F_Source_Add is the address of the safety controller station. You can modify this in the host F Parameters tab.
Page 258 258 PROFIsafe 19. If necessary, you can give proper symbol names to the cyclic data: • Right-click the I/O object (PPO Type 4) in Slot 1 and select Edit Symbols… • Add names for the symbols. • Repeat the same for the PROFIsafe object (PROFIsafe ABB_PS1) in Slot 2. Note: In PROFINET communication, the bits of each octet are sent the most significant bit first.
Page 259 PROFIsafe 259 20. Check the protection of the controller station: • In the hardware configuration, double-click the controller station (for example, CPU 319F-3). • Select Protection tab. • Select 1: Access protect. for F CPU. • Check Can be bypassed with password. •...
Page 260 260 PROFIsafe Configuring the communication when there is no safety program If there is no safety program in the project, these instructions can help you to get the communication working. WARNING! Do not use this safety program in real safety applications. This safety program is only an example which you can use only for trial purposes to get the system up and running.
Page 261 PROFIsafe 261 4. Set DB1 as the I-DB for the F-program block and FB1 as the F-program block. 5. Click OK and close the dialog windows. 6. In SIMATIC manager, double-click on OB35. 7. Add call to FC1 by dragging the FC1 block from the FC blocks folder. 8.
Page 262 262 PROFIsafe 11. Save the block and close the editor. Note: This example program also keeps the SLS3 function active all the time. 12. In SIMATIC Manager, select Edit safety program from the Options menu. 13. Select Compile. 14. Select Download. If prompted, accept the inclusion of standard blocks. 15.
Page 263 PROFIsafe 263 Monitoring the PROFIsafe message It is possible to monitor the contents of the PROFIsafe message. For example: 1. In HW Configuration, select Monitor/Modify for the PROFIsafe telegram in Slot 2 of the FENA module.
Page 264: Configuring Siemens S7-1200 Plc With Tia14
264 PROFIsafe  Configuring Siemens S7-1200 PLC with TIA14 This example can be done with FENA-21 or FPNO-21 adapter modules. 1. Open TIA14 and create a new project.
Page 265 PROFIsafe 265 2. Select your CPU from the list. 3. Install the FENA-21 GSDML file.
Page 266 266 PROFIsafe 4. Add FENA-21 to the device configuration by dragging it from the hardware catalog. 5. Open the FENA-21 device view and add (by dragging and dropping) the desired PPO and PS telegrams to slot 1 and 2. In this example, we use PPO7 and PS2 (Additional info in manuals).
Page 267 PROFIsafe 267 6. Network view shows E-stop icon on the FENA device to indicate that device has safety I/O. 7. Assign FENA-21 to PROFINET controller. • Network configuration is updated.
Page 268 268 PROFIsafe • I/O addressing is assigned automatically to FENA. This can be seen in Device view (highlighted with a red box in the image below). 8. Select PLC from network view and Properties will show on the bottom of the screen.
Page 269 PROFIsafe 269 10. In Ethernet addresses submenu, set the PLC IP address. 11. In Advanced options, set PLC minimum cycle time for I/O and PROFINET communication (PROFINET cycle time). 12. For testing purposes, you can disable the PLC password. Remember to enable the PLC password after you have done the validation.
Page 270 270 PROFIsafe 13. In FENA properties, set the FENA-21 IP address and PROFINET device name. The device name will be used as identification. After successful identification, PLC will assign IP address to FENA. Note: FB module parameters (51.04 onwards) should be static 0.0.0.0 in the drive.
Page 271 PROFIsafe 271 14. Configure FENA ABB PS PROFIsafe settings: • F_Source_Add = PLC PROFIsafe address • F_Dest_Add = FSO PROFIsafe address • F_WD_Time = Maximum allowed PROFIsafe message cycle time. In this example, we use 200 ms.
Page 272 272 PROFIsafe 15. Add OB86 (Rack or station failure) program block to prevent PLC from stopping on I/O error. 16. Add new Function block “ABB_Drive”.
Page 273 PROFIsafe 273 17. Add variables to ABB_Drive FB. 18. Add ABB_Drive FB to OB1. Assign new instance Data Block for ABB_Drive FB. When using multiple drives, create one DB for each drive.
Page 274 274 PROFIsafe 19. Select the corresponding FENA PPO address for the drive HW input. The value can be verified from the HW configuration, in the FENA PPO type properties, under the Hardware Identifier tab.
Page 275 PROFIsafe 275 20. In ABB_Drive FB, add blocks DPRD_DAT and DPWR_DAT. 21. Insert values to blocks.
Page 276 276 PROFIsafe Later the PPO message data can be found in ABB_Drive1_DB. 22. In PLC Safety Administration, configure F-runtime group cycle time, warn and maximum cycle time limits. If maximum limit is exceeded, PLC will go to safe state.
Page 277 PROFIsafe 277 23. Create tag table for ABB_PS2 safety functions. See bit descriptions from FSO PROFIsafe profiles (Chapter 6). See correct I/O addresses from HW configuration. 24. Save and download project to PLC.
Page 278 278 PROFIsafe 25. Scan for accessible devices (start search). Note that a firewall can block traffic. 26. In device configuration, right-click FENA icon and select Assign device name.
Page 279 PROFIsafe 279 27. Select update list and identify the correct FENA-based on MAC ID label. Click Assign name. Note: The MAC ID can be found on the cover of the FB module. The PLC will assign a name and IP address to the selected FENA and drive parameter group 51 values will update accordingly.
Page 280: Fault Tracing
51.21 is set to Enabled (see the drive firmware manual). ABB AC500-S In the ABB AC500-S system, you can read PROFINET diagnostics messages from Control Builder Plus or with a separate PNIO_DEV_DIAG function block in the “non- safety” PLC program.
Page 281 PROFIsafe 281 SIMATIC Manager To read diagnostics messages: 1. In the PLC menu, select Diagnostic/Setting. 2. Select Hardware diagnostics. 3. In the window that opens, select the FENA module of your system. 4. Click the Module Information button.
Page 282 282 PROFIsafe 5. To read the diagnostic messages, select the I/O Device Diagnostics tab.
Page 283: Diagnostic Messages Related To F-Parameters
PROFIsafe 283 6. To check the Device number of the FENA module, select the General tab.  Diagnostic messages related to F-Parameters The diagnostics messages in this table are caused by problems in the F-Parameter processing that takes place only when the controller station sends the F-Parameters to FB module.
Page 284: Typical Communication Errors
284 PROFIsafe Value Description Notes (hex) Parameter "F_SIL" exceeds SIL from F_SIL defined for this device at F-Host is specific device application. not correct. This device supports only (0x0044) F_SIL = 3. Parameter "F_CRC_Length" does not F-Parameter checksum length different match the generated values.
Page 285 PROFIsafe 285 Fault Cause What to do You cannot start The drive safety parameters are In the ACS880/DCS880 drives, check the PROFIsafe not set correctly. the values of parameters 200.222 communication. Safety bus type 200.223 Safety fieldbus adapter slot. See section How to configure the safety communication with PROFIsafe page...
Page 286 286 PROFIsafe...
Page 287: Planning For Installation
Planning for installation 287 Planning for installation Contents of this chapter This chapter gives instructions and references to instructions in other manuals for planning the safety system installation, as well as the requirements for installation in the applicable safety standards. Requirements for designers and installers •...
Page 288: Electrical Installation
288 Planning for installation WARNING! If you operate the drive system with a safety module in environmental conditions that are outside of the specified ranges for the safety module, this can cause that a safety function is lost. Electrical installation ...
Page 289: Sto Cable And Data Cable Between Fso Module And Drive
Note: You can use calculation software to assist in selecting the appropriate architecture that will meet the safety integrity requirements for a particular application. Use, for example, ABB’s Functional safety design tool, see Functional safety design tool user’s manual (3AXD10000102417 [English]).
Page 290: Selecting Control Cables
290 Planning for installation  Selecting control cables All control cables must be shielded. Use double-shielded twisted pair cable for low voltage digital signals (control cables to on-field devices). An alternative solution is to use single-shielded twisted multi-pair cable. See section Control connection data on page and chapter Planning the electrical...
Page 291: Standard Function And Wiring Examples
Planning for installation 291  Standard function and wiring examples Passive switch Examples: • Limit switch • Emergency stop button Physical separation of the X114 X113 different channels or appropriate cable protection (eg. double- shielding) Channel separation Diagnostic pulses Relay / contactor output with feedback Examples: •...
Page 292 292 Planning for installation Safe brake control (SBC) In this figure normal and safe brake controls are connected in series. Both are independent and redundant 2-channel solutions. The safe brake control needs a feedback from the brake system. The SBC feedback can be from a relay/contactor or from the mechanical brake itself.
Page 293 Planning for installation 293 Active sensors / input signals from solid state devices Examples: • PLC 24 V DC PNP • Light curtain OSSD Physical separation of the different channels or appropriate cable protection (eg. double- shielding) X114 X113 Diagnostic pulses from an active sensor must not be 24 V DC CH 2...
Page 294 294 Planning for installation Cascade Example: Module 1 X114 X113 (cascade master) E-stop button button Common Physical separation of the different Module 2 X114 X113 channels or appropriate cable protection (eg. double-shielding) Common Module 3 X114 X113 Common Channel separation Diagnostic pulses...
Page 295: Installation
Installation 295 Installation Contents of this chapter This chapter gives examples of how to connect the FSO module to the ACS880/DCS880 drive. WARNING! Connect the FSO module to a 24 V DC power supply. If you connect it to a power supply with a higher voltage (for example, 115 V or 230 V), it will cause damage to the module.
Page 296: Unpacking
296 Installation Unpacking If you have ordered the FSO module option separately, it is delivered in its own package. The package contains: • the FSO module (1) • connector plugs and attachment screws (2) • 2 × FSO data cable, 220 mm and 85 mm (3) •...
Page 297: Mechanical Installation
Installation 297 Mechanical installation If you have ordered the FSO module option with the drive, it is delivered with the FSO already installed and the FSO data cable connected. In this case, continue with Electrical installation on page 299. If you have ordered the FSO module option separately, it is delivered in its own package and you must install it to the drive control unit.
Page 298: Installing The Module Onto A Zcu Control Unit
298 Installation  Installing the module onto a ZCU control unit Install the FSO mechanically onto the control unit as described in the drive hardware manual. For the tightening torques, refer to Tightening torques on page 517. Examples are shown below:...
Page 299: Electrical Installation
Installation 299 Electrical installation  Terminals The connections are shown in the figure below. X110: DATA Data connection to the drive control unit X111: STO STO 24 V STO STO ground STO STO1LO drive internal signal STO STO2LO drive internal signal X112: POWER 24 V POWER 0 V...
Page 300: Connection Procedure
300 Installation  Connection procedure WARNING! Obey the safety instructions. See chapter Safety instructions page 13. If you ignore them, injury or death can occur. 1. Stop the drive and do the steps in section Electrical safety precautions on page before you start the work.
Page 301 Installation 301 4. Make sure that the FSO data cable (terminal X110) is connected to the drive. Use only the cable delivered with the module.
Page 302 302 Installation 5. Connect the supplied four-wire cable to the FSO terminal X111. Connect the other end of the cable to the drive STO connection (XSTO connector). ABB recommends to use the cable delivered with the FSO module. For a user-defined...
Page 303 Installation 303 7. Connect the power supply wires to the FSO terminal X112. Use a tightening torque of 0.24 Nm (2.1 lbf·in) for the FSO terminals. Use proper cable strain relief. See also section Power supply connection/cables on page 289.
Page 304 304 Installation...
Page 305: Installation Checklists
Installation checklists 305 Installation checklists Contents of this chapter This chapter contains a checklist for checking the mechanical and electrical installation of the FSO module and refers to common cause failure checklists in standards. Checklists Check the mechanical and electrical installation of the FSO module before start-up. Go through the checklists below together with another person.
Page 306 306 Installation checklists Check MECHANICAL INSTALLATION (See chapter Planning for installation and section Installation: Unpacking.) The ambient operating conditions are within the allowed range. Drives with separate inverter and supply units: Make sure that you have installed the FSO module in the inverter unit. The FSO and FSE modules are attached properly and the grounding screw is correctly tightened.
Page 307: Configuration
IEC 61508-1 clause 6. In this context, the person must have adequate expertise and knowledge of functional safety, the safety functions as well as the configuration of the FSO module. ABB has training courses available on the FSO module.
Page 308: Configuring The Fso Module
308 Configuration Configuring the FSO module  Overview - safety system configuring process The diagram and table below explain the main phases of the safety system configuring process. Risk assessment Safety requirements configuring Planning the configuration of the FSO Design of the safety functions Commissioning of the FSO Validation of the functional safety system Validation test report...
Page 309 Configuration 309 No. Phase Risk assessment & Safety requirements & • analysis and evaluating of the risks • need for risk reduction • required PL or SIL level • speed limits and distances for safety functions. Planning of the configuration of the FSO How to do the safety configuration in a safe way, including configuration, commissioning, validation and verification.
Page 310: Fso Configuring Procedure
Note: Configuration is only possible when the drive is not modulating or the FSO is in the Safe state. Note: FSO-12 and FSO-21 have different firmware versions, and thus their safety configuration files are not compatible. Note: After you initially start up the FSO and also after you later modify any...
Page 311 Configuration 311 d. Set the parameter values. • Encoder interface (if used): Configure the encoder parameters before you configure any safety functions. • General parameters: Check at least that the motor parameters are correct • Safety fieldbus communication (if used): Set up the communication between the safety PLC and FSO module.
Page 312: Configuring General Settings
312 Configuration Configuring general settings  How to configure general settings To configure the general settings, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter group FSOGEN page 180. Example: The figure below shows an example I/O set-up: •...
Page 313: Configuring The Safety Encoder Interface
Configuration 313 Configuring the safety encoder interface  How to configure the safety encoder interface To configure the safety encoder interface, set the drive and FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter groups Safety, S_ENCGEN, Enc module settings (91) and...
Page 314 314 Configuration Set these FSO parameters in the Safety settings view of the Drive composer pro PC tool: • Communication with the FSE module activated: 200.231 FSE 3X act and par version = Version 1 • One safety encoder is connected to the FSE module: 200.232 Number of encoders = Single encoder CH1.
Page 315: Diagnostics Of Fse-31 Encoder Interface Module
Configuration 315 • The maximum pulse frequency range of Encoder 1: 92.17 Accepted pulse freq of encoder 1 = 220 kHz Note: You can use this formula to define the value: r_max x ppr_enc + 10%, where • r_max = the maximum motor speed (rpm) used in the application (or the motor nominal speed) •...
Page 316: Disabling The Safety Encoder Interface
316 Configuration  Disabling the safety encoder interface You must do the steps below to disable the FSE module in the FSO module configuration. The drive is still using the measured motor speed data for the motor control purposes if drive parameter 90.41 Motor feedback selection = Encoder 1 (in an ACS880 drive) / 90.41 M1 feedback selection = Encoder 1 (in a DCS880 drive).
Page 317: Configuring The Fso For Fse Or Encoder Failure Situations
Configuration 317 Configuring the FSO for FSE or encoder failure situations Always set this parameter to a suitable value: • STO.14 Time to zero speed with STO and modoff If the SBC function is in use, set also these parameters: •...
Page 318: Configuring The Safety Fieldbus Communication
318 Configuration With this selection, the application can continue the operation and the FSO module keeps the monitoring safety functions (SLS, SMS, SSM) active even if the encoder data is lost. FSO module sends a warning to the drive about missing encoder data. FSO module switches to use the estimated motor speed instead of the measured motor speed from the encoder until the failure is fixed.
Page 319: Configuring I/O
Configuration 319 In addition, you must install the FB module to the drive and set up the safety communication network between the modules as described in chapter PROFIsafe. Example: • PROFIsafe communication activated (SBUSGEN. 01 SBUS activity and version = Version 1 and 200.222 Safety bus type = PROFIsafe) •...
Page 320 320 Configuration The location of the input and output terminals on the FSO module is shown in section Layout on page 38. Inputs Inputs can be configured into use with different safety functions. It is possible to select either single or redundant inputs in use. For example, if a single input X113:1 is supposed to activate the STO function, user must configure this input in use in the STO configuration view.
Page 321 Configuration 321 Example: The figure below shows an example I/O set-up: • All inputs use diagnostic pulses with 1 ms width and 30 s period. • One redundant cascaded connection from input 1 to output 7 • One safety relay (always redundant) connected to output 8 with feedback connected to input 3 •...
Page 322: How To Configure A Cascaded System
322 Configuration  How to configure a cascaded system This example shows how to configure the cascaded system (Cascade A) as shown in section Cascade on page 62. The SSE function is used as an example (Safety function 1 in the figure on page 62). In this configuration example, Cascade B is not configured (parameter SAFEIO.13 Cascade B = None).
Page 323 Configuration 323 Parameter settings in the master FSO Index Name/Value Description SAFEIO.11 M/F mode Sets the master/follower mode of the FSO module for both for cascade cascade connections A and B separately. In this example, only cascade connection A is used. A = master, This module is the master on cascade connection A.
Page 324 324 Configuration Index Name/Value Description FSOGEN.42 Acknowledg Sets the digital input that is connected to the button for ement acknowledgement operations. button input DI X114:2 Single input X114:2...
Page 325 Configuration 325 Parameter settings in the follower FSOs Index Name/Value Description SAFEIO.11 M/F mode for Sets the master/follower mode of the FSO module for both cascade cascade connection A and B separately. In this example, only cascade connection A is used. A = follower, This module is a follower on cascade connection A.
Page 326: How To Configure Safety Relays
326 Configuration  How to configure safety relays If you want to control a safety relay or contactor with the FSO module, define the use of the related I/O with these parameters. See also section Relay / contactor output with feedback on page 291.
Page 327: Configuring Sbc
Configuration 327 Configuring SBC When you use the SBC function (brake) with other safety functions of the FSO module, it is always combined with the drive STO function. That is, the SBC function is activated before, at the same time with or after the drive STO function. You can configure the SBC in the STO, SSE and SS1 functions: •...
Page 328 328 Configuration FSO internal fault situations The FSO module activates STO and SBC if configured into use in internal fault situations.
Page 329: How To Configure The Sbc In The Sto Function
Configuration 329  How to configure the SBC in the STO function Use these parameters to configure the SBC: 1. Set the how the brake is used with parameter SBC.11 STO SBC usage: • None: the SBC is not used •...
Page 330: How To Configure The Sbc In The Ss1 Function
330 Configuration  How to configure the SBC in the SS1 function Use these parameters to configure the SBC: 1. Set the correct SBC speed limit with parameter SBC.15 SSE/SS1 SBC speed: • If the value is zero (0 rpm) the SBC is not used in the SS1 and SSE with emergency ramp functions.
Page 331: Configuring Sto
Configuration 331 Configuring STO To configure the STO function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter groups page on page 412. For more information on the STO and SBC functions, see page 68. Note: Always set the parameters related to the STO function to have the correct monitoring limit hit and fault reaction behavior.
Page 332 332 Configuration Example 2 (with an encoder): The figure below shows an example of a simple STO function set-up when an encoder is used. Configure the safety encoder interface first (see section Configuring the safety encoder interface on page 313). •...
Page 333: How To Configure Sbc After Sto
Configuration 333  How to configure SBC after STO For more information on the SBC after STO function, see page 71. Example 1 (without an encoder): The figure below shows an example of the SBC after the STO function set-up when an encoder is not used: •...
Page 334 334 Configuration Example 2 (with an encoder): The figure below shows an example of the SBC after the STO function set-up when an encoder is used. Configure the safety encoder interface first (see section Configuring the safety encoder interface on page 313). •...
Page 335: How To Configure Sbc Before Sto
Configuration 335  How to configure SBC before STO For more information on the SBC before STO function, see page 74. Example 1 (without an encoder): The figure below shows an example of the SBC before the STO set-up when an encoder is not used: •...
Page 336 336 Configuration Example 2 (with an encoder): The figure below shows an example of the SBC before the STO set-up when an encoder is used. Configure the safety encoder interface first (see section Configuring the safety encoder interface on page 313). •...
Page 337: How To Configure Sto With Speed Limit Activated Sbc
Configuration 337  How to configure STO with speed limit activated SBC This safety function requires that you use an encoder in the safety application. Configure the safety encoder interface first (see section Configuring the safety encoder interface on page 313). Note: If you configure the STO with speed limit activated SBC function, this activates the same function in the SSE with immediate STO function (see section How to...
Page 338 338 Configuration • See also section Configuring mute times on page 393. STO.02 Automatic Outputs Inputs Speed STO.11 STO.21 = DI X113:1 & X114:1 = None STO.13 = 500 ms STO.12 STO.22 = None = None SAFEIO.22 = DI X113:2 SBC.21 SBC.14 = DO X113:7...
Page 339 Configuration 339 Encoder or FSE failure situations The STO with speed limit activated SBC function (parameter SBC.11 STO SBC usage = Speed limit) requires the exact motor speed, and when this is not available, the FSO module starts to use the Delayed brake selection (parameter SBC.11 STO SBC usage = Delayed brake).
Page 340: Configuring Ss1
340 Configuration Configuring SS1 To configure the SS1 function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter group page 420. For more information on the SS1 function, see page 79. ...
Page 341 Configuration 341 SS1.01 = Version 1 STO.02 = Automatic SS1.13 = SS1-t Inputs Outputs Speed SS1.14 = 2000 ms SS1.21 SS1.11 = DO X114:9 = DI X113:1 & X114:1 SS1.22 SS1.12 = None = None SS1.15 = 0 ms FSOGEN.51 = 90 rpm Time SBC.15...
Page 342: How To Configure Ss1 With Ramp Monitoring (Ss1-R)
342 Configuration  How to configure SS1 with ramp monitoring (SS1-r) Example: The figure below shows an example of the SS1-r function set-up: • SS1 function activated (SS1.01 SS1 activity and version = Version 1) • SAR1 emergency ramp (200.112 SAR1 ramp time to zero, always with the SS1 function - see section Configuring SAR...
Page 343: How To Configure Ss1 With Speed Limit Activated Sbc
Configuration 343  How to configure SS1 with speed limit activated SBC Note: If you configure the SS1 with speed limit activated SBC function, this activates the same function in the SSE function (see section How to configure SSE with speed limit activated SBC on page 356).
Page 344 344 Configuration SS1.01 = Version 1 STO.02 = Automatic SS1.13 = SS1-t Inputs Outputs Speed SS1.11 SS1.14 = 2000 ms SS1.21 = DI X113:1 & X114:1 = DO X114:9 SS1.12 = None SS1.22 SBC.13 = 1200 ms = None SAFEIO.22 = DI X113:2 SS1.15 = 0 ms...
Page 345 Configuration 345 Example 2: The figure below shows an example of the SS1-r function with speed limit activated SBC set-up: • SS1 function activated (SS1.01 SS1 activity and version = Version 1) • SAR1 emergency ramp (200.112 SAR1 ramp time to zero, always with the SS1 function - see section Configuring SAR...
Page 346 346 Configuration SS1.01 = Version 1 STO.02 = Automatic SS1.13 = SS1-r Inputs Outputs Speed SS1.11 SS1.21 = DI X113:1 & X114:1 = DO X114:9 SS1.12 SS1.22 = None SBC.13 = 1200 ms = None SAFEIO.22 = DI X113:2 SS1.15 = 0 ms SBC.21 SBC.15...
Page 347: How To Configure Ss1 With Speed Limit Activated Sbc, Sbc Before Sto
Configuration 347  How to configure SS1 with speed limit activated SBC, SBC before Note: If you configure the SS1 with speed limit activated SBC, SBC before STO function, this activates the same function in the SSE function (see section How to configure SSE with speed limit activated SBC on page 356).
Page 348 348 Configuration Note: The same SBC delay is used in the STO and SS1/SSE functions. • delay for activating the brake after the SBC speed limit has been reached: 0 ms (SS1.15 SS1-r ramp zero speed delay for STO = 0 ms, not shown in the figure) •...
Page 349 Configuration 349 Example 2: The figure below shows an example of the SS1-r function with speed limit activated SBC, SBC before STO set-up: • SS1 function activated (SS1.01 SS1 activity and version = Version 1) • SAR1 emergency ramp (200.112 SAR1 ramp time to zero, always with the SS1 function - see section Configuring SAR...
Page 350: Related Safety Functions
350 Configuration SS1.01 = Version 1 STO.02 = Automatic SS1.13 = SS1-r Inputs Outputs Speed SS1.11 SBC.13 = 1200 ms SS1.21 = DI X113:1 & X114:1 = DO X114:9 SS1.12 SBC.12 = -300 ms SS1.22 = None = None SAFEIO.22 = DI X113:2 SS1.15 = 0 ms...
Page 351: Configuring Sse
Configuration 351 Configuring SSE To configure the SSE function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter groups page on page 412. For more information on the SSE function, see page 106. Note: Always set the parameters related to the SSE function to have the correct trip limit hit and fault reaction behavior.
Page 352 352 Configuration Example 2 (with an encoder): The figure below shows an example of the SSE function with immediate STO set-up when an encoder is used. Configure the safety encoder interface first (see section Configuring the safety encoder interface page 313). •...
Page 353: How To Configure Sse With Immediate Sto, Sbc After Or Before Sto
Configuration 353  How to configure SSE with immediate STO, SBC after or before STO The configuration is identical to the SBC after or before STO functions with these differences: • parameter STO.13 Restart delay after STO is not used •...
Page 354: How To Configure Sse With Time Monitoring
354 Configuration  How to configure SSE with time monitoring For more information on the SSE function with time monitoring, see page 116. Example: The figure below shows an example of the SSE function with time monitoring set-up: • SAR0 emergency ramp (200.102 SAR0 ramp time to zero, always with the SSE function - see section...
Page 355: How To Configure Sse With Ramp Monitoring
Configuration 355  How to configure SSE with ramp monitoring For more information on the SSE function with ramp monitoring, see page 120. Example: The figure below shows an example of the SSE function with ramp monitoring set-up: • SAR0 emergency ramp (200.102 SAR0 ramp time to zero, always with the SSE function - see section...
Page 356: How To Configure Sse With Speed Limit Activated Sbc
356 Configuration  How to configure SSE with speed limit activated SBC Note: If you configure the SSE with speed limit activated SBC function, this activates the same function in the SS1 function (see section How to configure SS1 with speed limit activated SBC on page 343).
Page 357 Configuration 357 STO.02 = Automatic SSE.13 = Emergency ramp SSE.14 = Time Outputs Inputs SSE.11 SSE.21 Speed = DI X113:1 & X114:1 = DO X113:9 SSE.15 = 2000 ms SSE.22 SSE.12 = None = None SAFEIO.22 SBC.21 = DI X113:2 = DO X113:7 SSE.16 = 0 ms...
Page 358 358 Configuration Example 2: The figure below shows an example of the SSE with emergency ramp function with speed limit activated SBC set-up with ramp monitoring: • SSE with emergency ramp (SSE.13 SSE function = Emergency ramp) • SAR0 emergency ramp (200.102 SAR0 ramp time to zero, always with the SSE function - see section...
Page 359 Configuration 359 STO.02 = Automatic SSE.13 = Emergency ramp SSE.14 = Ramp Outputs Inputs SSE.11 SSE.21 Speed = DI X113:1 & X114:1 = DO X113:9 SSE.22 SSE.12 = None = None SAFEIO.22 SBC.21 = DI X113:2 = DO X113:7 & X114:7 SSE.16 = 0 ms SBC.15...
Page 360: How To Configure Sse With Speed Limit Activated Sbc, Sbc Before Sto
360 Configuration  How to configure SSE with speed limit activated SBC, SBC before The configuration of the SSE with speed limit activated SBC, SBC before STO is identical to the configuration of the same SS1 function with these differences: •...
Page 361: Configuring Sar
Configuration 361 Configuring SAR  How to configure SARn To configure the SARn (n = 0…1), set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter groups Safety page SARx on page 430. See also section Ramp monitoring on page 57.
Page 362: Configuring Sls
362 Configuration Configuring SLS To configure the SLSn (n = 1…4), set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter groups Safety page SLSx on page 422. For more information on the SLS function, see page 140. Depending on the application, set the negative and positive SLS and SLS trip limits separately.
Page 363 Configuration 363 SLS1 Speed SLSx.04 = 2000 ms SLSx.14 = 1320 rpm 200.23 = 1200 rpm Time 200.22 = -900 rpm SLSx.13 = -1020 rpm activated monitoring monitoring started started (typical) (latest) Inputs Outputs 200.21 = Version 1 SLSx.11 SLSx.15 = DI X113:2 &...
Page 364: How To Configure Slsn With Ramp Monitoring
364 Configuration  How to configure SLSn with ramp monitoring Example: The figure below shows an example of the SLS2 function with ramp monitoring set-up: • SLS2 function activated (200.31 SLS2 activity and version = Version 1) • monitored deceleration ramp (SLSx.03 SLS activation monitoring method = Ramp) •...
Page 365: Related Safety Functions
Configuration 365 SLS2 200.31 = Version 1 SLSx.02 = Automatic SLSx.03 = Ramp Input Output Speed SLSx.24 SLSx.24 = DO X114:7 = DI X113:2 & X114:2 SLSx.23 = 1320 rpm 200.33 = 1200 rpm Time SLS monitoring started SLS activated 200.32 = -900 rpm SLSx.22...
Page 366: Configuring Variable Sls
366 Configuration Configuring Variable SLS This safety function requires that a safety PLC is connected to the FSO module via the PROFIsafe communication bus. For more information, see chapter PROFIsafe and section Configuring the safety fieldbus communication on page 318. To configure the Variable SLS function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool.
Page 367 Configuration 367 Note: The difference between the SLS limit and the corresponding SLS trip limit must be at least 0.1 rpm. These values are defined in the safety program: • only positive limits are scaled: Positive_Scaling = 0, Negative_Scaling = 1 •...
Page 368: How To Configure Variable Sls With Ramp Monitoring
368 Configuration  How to configure Variable SLS with ramp monitoring Example: The figure below shows an example of the Variable SLS function with ramp monitoring set-up: • Variable SLS function activated (200.61 SLS variable activity and version = Version 1) •...
Page 369 Configuration 369 These values are defined in the safety program: • only positive limits are scaled: Positive_Scaling = 0, Negative_Scaling = 1 • scaling values from the safety PLC: 70%, 50%, 100% (value set in Variable_SLS_limit = 7000, 5000, 10000). 200.61 = Version 1 SLSx.02...
Page 370: Defining The Scaled Sls4 Limit And Sls4 Trip Limits
370 Configuration  Defining the scaled SLS4 limit and SLS4 trip limits Because the same scaling percentage is used to scale both the original SLS4 limit and SLS4 trip limit, this affects the difference between new, scaled SLS4 limit and SLS4 trip limits.
Page 371 Configuration 371 Example 1 (no encoder): • Original SLS4 limit 100 rpm • Original SLS4 trip limit 102 rpm • Zero speed value 12 rpm In this case, the difference between original SLS4 and SLS4 trip limits is smaller than 25 rpm.
Page 372 372 Configuration constant even if the scaling value is decreased further. Zero speed value is less than the 25 rpm and has no effect to the trip limit scaling. Speed Scaling value (%) Scaled SLS4 trip limit Scaled SLS4 limit Zero speed value FSOGEN.51 The difference between SLS4 limits is 50 rpm when the scaling value is 100%...
Page 373: Related Safety Functions
Configuration 373 constant even if the scaling value is decreased further. Zero speed value is less than the 5 rpm and has no effect to the trip limit scaling. Speed Scaling value (%) Scaled SLS4 trip limit Scaled SLS4 limit Zero speed value The difference between SLS4 limits is 10 rpm when the scaling factor is 100% The difference between the scaled SLS4 limits is 5 rpm if the scaling value is 50% or less...
Page 374: Configuring Sms
374 Configuration Configuring SMS To configure the SMS, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter groups on page Safety on page 402. There are two different versions of the SMS function. Select the required version with parameter 200.71 SMS activity and version.
Page 375: How To Configure Sms, Version 2
Configuration 375  How to configure SMS, version 2 Example: The figure below shows an example of the SMS, version 2 set-up: • SMS function version 2 activated (200.71 SMS activity and version = Version 2) • SMS limit positive (200.73 SMS limit positive = 1750) •...
Page 376: Configuring Pous
376 Configuration Configuring POUS  How to configure POUS To configure the POUS function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter group POUS page 415. For more information on the POUS function, see page 180. Example: The figure below shows an example of the POUS function set-up: •...
Page 377: Tion Ramp
Configuration 377 To configure SLS functions into use (SLS1…SLS4 or variable SLS), see chapters Configuring SLS on page Configuring Variable SLS on page 366. The following parametrization is relevant for a situation where drive modulation is lost during SLS deceleration ramp and SLS function is activated when motor speed is higher than SLS limit speed.
Page 378 378 Configuration Motor speed SLSx.06 SLSx.04 Time STO active Drive modulation SLS request SLSx.06 Modoff time delay monitoring SLSx.04 time delay monitoring SLS indication STO.14 delay 1. SLS request is activated (SLSx.11 SLS1 input A = DI X113:2 & X114:2). SLS time delay monitoring is started (SLSx.04 SLS time delay = 2000 ms).
Page 379 Configuration 379 Relevant parameters for this configuration: • Deceleration time (drive parameter 23.13 Deceleration time 1) • SLS activation delay: 2000 ms (SLSx.04 SLS time delay = 2000 ms) • STO.14 Time to zero speed with STO and modoff: 2500 ms. Motor speed SLSx.04 Time...
Page 380 380 Configuration Example 3: The figure below shows an example of the SLS function with time monitoring when "Monitoring active and modoff delay time" (parameter SLSx.05) is selected: • Basic parametrization of the SLS function made according to chapter Configuring on page 362.
Page 381 Configuration 381 1. SLS request is activated (SLSx.11 SLS1 input A = DI X113:2 & X114:2). SLS time delay monitoring is started (SLSx.04 SLS time delay = 2000 ms). Deceleration to SLS limit speed is started (23.13 Deceleration time 1). 2.
Page 382 382 Configuration Motor speed STO.14 Time SLS indication Drive modulation SLS request SLSx.04 time delay monitoring STO.14 delay 1. SLS request is activated (SLSx.11 SLS1 input A = DI X113:2 & X114:2). SLS time delay monitoring is started (SLSx.04 SLS time delay = 2000 ms).
Page 383: Tion Ramp
Configuration 383  How to configure SLSn with ramp monitoring if drive modulation is lost during SLS deceleration ramp Example 1: The figure below shows an example of the modoff situation with SLS function with ramp monitoring when "Modoff delay time" (parameter SLSx.05) is selected: •...
Page 384 384 Configuration 1. SLS request is activated (SLSx.11 SLS1 input A = DI X113:2 & X114:2). SLS ramp monitoring is activated (SAR1). Parameter 200.202 SAR speed scaling 1500 rpm) is used as a reference point in ramp time calculations. Deceleration towards the SLS limit speed is started according to SAR1 parameters: •...
Page 385 Configuration 385 Relevant parameters for this configuration: • Scaling speed: 1500 rpm (200.202 SAR speed scaling = 1500 rpm) • Deceleration time and ramp monitoring according to SAR1 parameters • ramp time from Scaling speed to zero: 1000 ms (200.112 SAR1 ramp time to zero = 1000 ms) •...
Page 386 386 Configuration 2. Modulation is lost. Motor starts to coast to a stop. FSO stores last valid safe speed estimation value. SLS ramp monitoring limit (SAR1) is kept active also when modulation is lost. 3. Modulation of the drive has not returned. If SLSx.05 is set to Monitoring active, SAR1 monitoring limit hit is generated based on the last valid speed estimate of...
Page 387: Configuring Ssm
Configuration 387 Configuring SSM To configure the SSM function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter group SSMx page 435. You can use the SSM function either with a safety encoder or with a safe speed estimate.
Page 388: How To Configure Ssm
388 Configuration  How to configure SSM Example: The figure below shows an example of an SSM1 set-up. Only the positive SSM1 limit is configured. • SSM1 function activated (SSMx.01 SSM1 activity and version = Version 1) • redundant SSM activation button connected to input (SSMx.11 SSM1 input = DI X113:2 &...
Page 389: Configuring Sdi
Configuration 389 Configuring SDI To configure the SDI function, set the FSO parameters listed below to appropriate values using the Drive composer pro PC tool. See parameter group on page 431. This safety function requires that an encoder is used. Configure the encoder interface first (see section Configuring the safety encoder interface on page 313).
Page 390: How To Configure Sdi With Time Monitoring
390 Configuration  How to configure SDI with time monitoring Example: The figure below shows an example of an SDI positive function with time monitoring set-up: • Version 1 of SDI functions activated (SDI.01 SDI version = Version 1) • SDI positive function activated (SDI.02 SDI positive activity = Enabled) •...
Page 391: How To Configure Sdi With Ramp Monitoring
Configuration 391  How to configure SDI with ramp monitoring Example: The figure below shows an example of an SDI positive function with ramp monitoring set-up: • Version 1 of SDI functions activated (SDI.01 SDI version = Version 1) • SDI positive function activated (SDI.02 SDI positive activity = Enabled) •...
Page 392: Related Safety Functions
392 Configuration  Related safety functions The SDI functions use SAR1 parameters to monitor and/or define the deceleration ramp (SDI with ramp monitoring). See section Configuring SAR on page 361. The FSO module activates the STO function if the motor speed hits a ramp monitoring limit during the deceleration ramp (SDI with ramp monitoring).
Page 393: Configuring Mute Times
Configuration 393 Configuring mute times WARNING! The mute time increases the response time of the safety system. This must be considered in the design of the safety system. To minimize the effects of small transient variations in the speed measurement data, you can fine-tune the operation of the safety functions with mute time parameters.
Page 394: How To Configure Limit Hit Situations
394 Configuration following parameters: 1.1, 1.2, and 90.1. See drive firmware manual for more information. Motor torque FSO speed signals Motor speed estimate of the drive  How to configure limit hit situations Example 1: SMS trip limit hit This example covers trip limit situations of SMS function with synchronous machines. This example is valid when SMS-specific mute time is disabled (parameter FSOGEN.39) or if encoder is used.
Page 395 Configuration 395 negative SMS trip limit is set close to zero speed, there is an increased possibility that the error spike could cause an unnecessary trip. Speed FSOGEN.31 Time - - - Actual speed Safe speed estimate SMS trip limits Error spike caused by the starting of the synchronous motor, spike duration 50 ms.
Page 396 396 Configuration this example, SLS1 function is used. Function-specific mute time is set long enough to prevent the limit hit during acceleration. • parameter FSOGEN.38 Enable SLSx mute times = Enabled • parameter SLSx.17 Mute time for SLS1 = 1200 ms (function-specific) Speed SLSx.17 Time...
Page 397: How To Configure Mute Time For Zero Speed Detection
Configuration 397  How to configure mute time for zero speed detection Example 1: Zero speed limit is reached with the SS1 function (or SSE with emergency ramp), the SBC is not used. • With an encoder: parameter FSOGEN.32 Zero speed delay time = 20 ms •...
Page 398: How To Configure Mute Time For Sbc Speed Limit Detection
398 Configuration  How to configure mute time for SBC speed limit detection Example 1: SBC speed limit (parameter SBC.15) is reached with the SS1 function (or SSE with emergency ramp), a negative SBC delay (parameter SBC.12 STO SBC delay is configured with the SS1 function: •...
Page 399: How To Configure Mute Time For Monitoring Start
Configuration 399  How to configure mute time for monitoring start Example: The start of SLS monitoring in the SLS1 function In this example, SLS1 function is requested from a higher speed than the SLS trip limit. • With an encoder: parameter FSOGEN.33 Monitoring start delay = 20 ms •...
Page 400 400 Configuration...
Page 401: Fso-21 Parameters
This chapter describes the parameters and the status and control words of the FSO module. FSO-21 parameters The following table lists the FSO-21 parameters: The parameter row shows the parameter index, name, description and factory default value. The subsequent rows show the parameter value range or names, descriptions and numerical values of the selectable named alternatives.
Page 402 Description Factory default General drive safety parameters Safety 200.11 FS module type Module type indicator of the FSO module FSO-21 200.12 FS hardware FSO module hardware version indicator Shows the version current HW version 200.13 FS firmware version FSO module firmware version indicator...
Page 403 Parameters 403 Index Name/Value Description Factory default -35880.0 …0.0 rpm Speed 200.43 SLS3 limit positive Sets the SLS3 positive speed limit for the 0.0 rpm drive 0.0…35880.0 rpm Speed 200.51 SLS4 activity and Activates or deactivates the SLS4 function Disabled version and shows the version of the SLS4 function.
Page 404 404 Parameters Index Name/Value Description Factory default 200.73 SMS limit positive Sets the positive speed limit for the SMS 0.0 rpm function. Note: This parameter is used only in version 2 of the SMS function. 0.0…35880.0 rpm Speed 200.101 SAR0 version Shows the version of the SAR0 function.
Page 405 Parameters 405 Index Name/Value Description Factory default 200.223 Safety fieldbus Sets the slot in which the safety fieldbus FBA A adapter slot adapter is installed. Note: The slots on the drive control board are defined by drive parameters 50.01 (FBA A) and 50.31 (FBA B).
Page 406 406 Parameters Index Name/Value Description Factory default DO X113:9 & X114:9 Redundant output X113:9 & X114:9 DO X113:7 Single output X113:7 DO X113:8 Single output X113:8 DO X113:9 Single output X113:9 DO X114:7 Single output X114:7 DO X114:8 Single output X114:8 DO X114:9 Single output X114:9 FSOGEN.21 Motor nominal...
Page 407 Parameters 407 Index Name/Value Description Factory default FSOGEN.38 Enable SLSx mute Enables SLS-specific mute times which are Disabled times used in SLS limit hit situations. These mute times can be set with parameters SLSx.17, SLSx.27, SLSx.37, SLSx.47 and SLSx.57. These parameters are effective only with the safe speed estimate.
Page 408 408 Parameters Index Name/Value Description Factory default DI X113:3 Single input X113:3 DI X113:4 Single input X113:4 DI X114:1 Single input X114:1 DI X114:2 Single input X114:2 DI X114:3 Single input X114:3 DI X114:4 Single input X114:4 FSOGEN.51 Zero speed without Sets the zero speed limit for ramp stop 0.0 rpm encoder...
Page 409 Parameters 409 Index Name/Value Description Factory default FSOGEN.62 STO indication Sets the type of the event that the FSO Fault safety limit module generates for limit hits in the SLS1, …, SLS4 and SMS functions and for limit hits during ramp and time monitoring of safety ramps SAR0 and SAR1.
Page 410 410 Parameters Index Name/Value Description Factory default Manual_Safebus The FSO module expects an external STO acknowledgement signal either from a digital input or from the safety fieldbus after the STO, SSE or SS1 request has been removed and the stop function is completed (output defined by parameter FSOGEN.11 STO completed output...
Page 411 Parameters 411 Index Name/Value Description Factory default STO.13 Restart delay after Sets the time after which the 3,600,000 acknowledgement of the FSO module and restart of the drive are allowed after the FSO has activated the STO function and opened the drive STO circuit.
Page 412 412 Parameters Index Name/Value Description Factory default 0…3,600,000 ms Time STO.21 STO output Sets the digital output that indicates the None status of the STO function in the drive. Active when the STO circuit in the drive is open. Note: In a cascade connection, this indicates the activity of the STO function of the FSO module.
Page 413 Parameters 413 Index Name/Value Description Factory default Delayed brake Time controlled brake. Parameter SBC.12 STO SBC delay defines the delay. Speed limit The brake is activated below a user-defined speed limit (parameter SBC.14 STO SBC speed). Requires that an encoder is used. Note: If an encoder or FSE failure occurs, and the STO function is not active, the FSO module starts to use the Delayed brake...
Page 414 414 Parameters Index Name/Value Description Factory default SBC.13 SBC time to zero Sets the estimated time from the SBC 3,600,000 speed activation to the moment when the safety function is completed and the STO completed indication (parameter STO.22) goes on (ie, motor has stopped and the system can be set to a safe state).
Page 415 Parameters 415 Index Name/Value Description Factory default DO X113:8 & X114:8 Redundant output X113:8 & X114:8 DO X113:9 & X114:9 Redundant output X113:9 & X114:9 SBC.22 SBC feedback Sets the action that the FSO module takes No STO action when there is a problem with the SBC feedback.
Page 416 416 Parameters Index Name/Value Description Factory default Safebus The FSO module expects an external POUS acknowledgement signal from the safety fieldbus after the POUS request has been removed. Manual_Safebus The FSO module expects an external POUS acknowledgement signal either from a digital input or from the safety fieldbus after the POUS request have been removed.
Page 417 Parameters 417 Index Name/Value Description Factory default POUS.22 POUS completed Set the digital output that indicates the None output completion of the POUS function. Active after the time defined by parameter POUS.13 POUS delay for completion elapsed from the POUS request until the POUS request has been removed.
Page 418 418 Parameters Index Name/Value Description Factory default SSE.12 SSE input B Sets the digital input that is connected to the None secondary input of the SSE function. The secondary input is mostly used for the cascade connection. See parameters SAFEIO.12 Cascade A SAFEIO.13 Cascade None No input connected...
Page 419 Parameters 419 Index Name/Value Description Factory default 0…3,600,000 ms Time SSE.16 SSE ramp zero Sets an extra delay time for the drive STO 30,000 ms speed delay for STO (and SBC, if used) activation at the zero speed limit in the SSE with emergency ramp function.
Page 420 420 Parameters Index Name/Value Description Factory default DO X113:7 Single output X113:7 DO X113:8 Single output X113:8 DO X113:9 Single output X113:9 DO X114:7 Single output X114:7 DO X114:8 Single output X114:8 DO X114:9 Single output X114:9 Parameters for the SS1 function SS1.01 SS1 activity and Activates or deactivates the SS1 function Disabled...
Page 421 Parameters 421 Index Name/Value Description Factory default DI X114:1 Single input X114:1 DI X114:2 Single input X114:2 DI X114:3 Single input X114:3 DI X114:4 Single input X114:4 SS1.13 SS1 type Sets the SS1 type, that is, the method used SS1-r for the SS1 monitoring.
Page 422 422 Parameters Index Name/Value Description Factory default None No output connected DO X113:7 & X114:7 Redundant output X113:7 & X114:7 DO X113:8 & X114:8 Redundant output X113:8 & X114:8 DO X113:9 & X114:9 Redundant output X113:9 & X114:9 DO X113:7 Single output X113:7 DO X113:8 Single output X113:8...
Page 423 Parameters 423 Index Name/Value Description Factory default Safebus The FSO module expects an external SLS acknowledgement signal from the safety fieldbus. The FSO module accepts the acknowledgement after the SLS request has been removed and the SLS limit has been achieved (that is, SLS monitoring is on).
Page 424 424 Parameters Index Name/Value Description Factory default Modoff delay time If drive modulation is lost during the SLS deceleration ramp and the modulation does not return within SLSx.06 time, FSO activates STO. Note: If speed is below SLS limit (eg, 200.22), modoff is ignored.
Page 425 Parameters 425 Index Name/Value Description Factory default SLSx.12 SLS1 input B Sets the secondary digital input for the SLS1 None function. The secondary input is mostly used for cascade connection (only SLS1 can be cascaded). See parameters SAFEIO.12 Cascade A SAFEIO.13 Cascade None No input connected...
Page 426 426 Parameters Index Name/Value Description Factory default SLSx.16 SLS1 output B Sets the secondary digital output for the None SLS1 function. Active when SLS1 function is active and the motor speed is below the SLS1 limit (that is, when the SLS1 monitoring is on).
Page 427 Parameters 427 Index Name/Value Description Factory default SLSx.23 SLS2 trip limit Sets the SLS2 positive speed limit that trips 0.0 rpm positive the drive. 0.0…35880.0 rpm Speed SLSx.24 SLS2 output Sets the digital output for SLS2 function. None Active when SLS2 function is active and the motor speed is below the SLS2 limit (that is, when the SLS2 monitoring is on).
Page 428 428 Parameters Index Name/Value Description Factory default SLSx.34 SLS3 output Sets the digital output for the SLS3 function. None Active when SLS3 function is active and the motor speed is below the SLS3 limit (that is, when the SLS3 monitoring is on). None No output connected DO X113:7 &...
Page 429 Parameters 429 Index Name/Value Description Factory default SLSx.43 SLS4 trip limit Sets the SLS4 positive speed limit that trips 0.0 rpm positive the drive. Note: Variable SLS uses this limit as scaled. Defining the scaled SLS4 limit and SLS4 trip limits on page 370.
Page 430 430 Parameters Index Name/Value Description Factory default SLSx.57 Mute time for Sets the variable SLS specific mute time for 0 ms variable SLS limit hit situations. This parameter is effective only with the safe speed estimate. 0…10000 ms Parameters for the SMS function SMS.13 SMS trip limit Sets the negative speed limit that trips the 0.0 rpm...
Page 431 Parameters 431 Index Name/Value Description Factory default SARx.22 SAR1 max ramp Sets the maximum ramp time for the SAR1 1 ms time to zero ramp monitoring. 1…3,600,000 ms Time Parameters for the SDI functions SDI.01 SDI version Shows the version of the SDI functions (SDI Disabled positive and SDI negative).
Page 432 432 Parameters Index Name/Value Description Factory default Safebus The FSO module expects an external SDI acknowledgement signal from the safety fieldbus after the SDI request has been removed and the correct rotation direction has been achieved. Manual_Safebus The FSO module expects an external SDI acknowledgement signal either from a digital input or from the safety fieldbus after the SDI request has been removed and the correct...
Page 433 Parameters 433 Index Name/Value Description Factory default DI X113:3 & X114:3 Redundant input X113:3 & X114:3 DI X113:4 & X114:4 Redundant input X113:4 & X114:4 DI X113:1 Single input X113:1 DI X113:2 Single input X113:2 DI X113:3 Single input X113:3 DI X113:4 Single input X113:4 DI X114:1...
Page 434 434 Parameters Index Name/Value Description Factory default DO X114:9 Single output X114:9 SDI.31 SDI negative input A Sets the digital input connected to the SDI None primary input for negative rotation. None No input connected DI X113:1 & X114:1 Redundant input X113:1 & X114:1 DI X113:2 &...
Page 435 Parameters 435 Index Name/Value Description Factory default DO X113:7 & X114:7 Redundant output X113:7 & X114:7 DO X113:8 & X114:8 Redundant output X113:8 & X114:8 DO X113:9 & X114:9 Redundant output X113:9 & X114:9 DO X113:7 Single output X113:7 DO X113:8 Single output X113:8 DO X113:9 Single output X113:9...
Page 436 436 Parameters Index Name/Value Description Factory default SSMx.04 SSM4 activity and Activates or deactivates the SSM4 function Disabled version and shows the version of the SSM4 function. Disabled Deactivates the SSM4 function. Version 1 Activates version 1 of the SSM4 function. SSMx.11 SSM1 input Sets the digital input connected to the SSM1 None...
Page 437 Parameters 437 Index Name/Value Description Factory default None No input connected DI X113:1 & X114:1 Redundant input X113:1 & X114:1 DI X113:2 & X114:2 Redundant input X113:2 & X114:2 DI X113:3 & X114:3 Redundant input X113:3 & X114:3 DI X113:4 & X114:4 Redundant input X113:4 & X114:4 DI X113:1 Single input X113:1 DI X113:2...
Page 438 438 Parameters Index Name/Value Description Factory default DI X113:2 Single input X113:2 DI X113:3 Single input X113:3 DI X113:4 Single input X113:4 DI X114:1 Single input X114:1 DI X114:2 Single input X114:2 DI X114:3 Single input X114:3 DI X114:4 Single input X114:4 Always on The SSM3 function is always on.
Page 439 Parameters 439 Index Name/Value Description Factory default DI X114:4 Single input X114:4 Always on The SSM4 function is always on. SSMx.42 SSM4 limit negative Sets the negative speed limit for the SSM4 0.0 rpm function. -35880.0 …0.0 rpm Speed SSMx.43 SSM4 limit positive Sets the positive speed limit for the SSM4 0.0 rpm function.
Page 440 440 Parameters Index Name/Value Description Factory default Est switch not active With some restrictions, the FSO module load sends a warning to the drive and starts to use an estimated value of the motor speed until the failure is fixed. For more information, see section Motor speed feedback...
Page 441 Parameters 441 Index Name/Value Description Factory default 91.12 Module 1 location Sets the slot in which the safety encoder interface module is located. Slot 1 on the drive control board. Slot 2 on the drive control board. Slot 3 on the drive control board. Parameters for safety encoder 1 Encoder 1 configuration 92.01 Encoder 1 type...
Page 442 442 Parameters Index Name/Value Description Factory default SAFEIO.12 Cascade A Sets the cascade connection A for the FSO None module. For each FSO module in cascade A, the digital input connected to the safety function is also internally connected to the corresponding digital output of the FSO module (digital input ->...
Page 443 Parameters 443 Index Name/Value Description Factory default SAFEIO.21 Safety relay 1 output Sets the digital output connected to the None safety relay 1. To connect the safety relay to a certain safety function, you must set the same digital outputs in the output parameter for that safety function.
Page 444 444 Parameters Index Name/Value Description Factory default SAFEIO.24 Safety relay 2 output Sets the digital output for safety relay 2. None See also parameter SAFEIO.21 Safety relay output. Note: The output must always be redundant. Otherwise the feedback signal of the safety relay is not used (see SAFEIO.25 Safety relay 2...
Page 445 Parameters 445 Index Name/Value Description Factory default 50…59,000 ms Time SAFEIO.33 DI X113:1 diag pulse Sets the diagnostic pulse of digital input on/off X113:1 on or off. Diagnostic pulse off Diagnostic pulse on SAFEIO.34 DI X113:2 diag pulse Sets the diagnostic pulse of digital input on/off X113:2 on or off.
Page 446 446 Parameters Index Name/Value Description Factory default SAFEIO.53 DO X113:7 diag Sets the diagnostic pulse of digital output pulse on/off X113:7 on or off. Diagnostic pulse off Diagnostic pulse on SAFEIO.54 DO X113:8 diag Sets the diagnostic pulse of digital output pulse on/off X113:8 on or off.
Page 447 Parameters 447 Index Name/Value Description Factory default Active high Active state of the output is high voltage. SAFEIO.76 DO X114:9 logic Sets the logic state of digital output X114:9. Active low state Active low Active state of the output is low voltage. Active high Active state of the output is high voltage.
Page 448 448 Parameters Index Name/Value Description Factory default 0x222 PROFIsafe telegram 0x222 (546). Corresponds to profile ABB_PS2 in the GSD file. See section Downloading the GSD file on page 231. Note: This profile requires that an encoder is used.
Page 449: Status And Control Words
Parameters 449 Status and control words This table lists the FSO module and drive status and control words. You can view these in the ACS880/DCS880 parameter tab of Drive composer pro. WARNING! This data is purely informative. Do not use it for any functional safety purposes.
Page 450 450 Parameters Index Name/Value Description 200.04 FSO DO status Shows the states of the FSO digital outputs. Name Values Output X113:7 0 = Off, 1 = On Output X113:8 0 = Off, 1 = On Output X113:9 0 = Off, 1 = On Output X114:7 0 = Off, 1 = On Output X114:8...
Page 451 Parameters 451 Index Name/Value Description 200.07 FSO status word 1 Shows the FSO status word 1. Bit Name Values FSO mode bit 1 0 = Undefined 1 = Start-up mode FSO mode bit 2 2 = Running mode FSO mode bit 3 3 = Fail-safe mode 4 = Configuration mode FSO state bit 1...
Page 452 452 Parameters Index Name/Value Description 200.08 FSO status word 2 Shows the FSO status word 2. Bit Name Values Reserved SLS1 monitoring 0 = Off, 1 = On SLS2 monitoring 0 = Off, 1 = On SLS3 monitoring 0 = Off, 1 = On SLS4 monitoring 0 = Off, 1 = On Reserved...
Page 453 Parameters 453 Index Name/Value Description 200.09 Drive status word 1 Shows the drive status word 1. Bit Name Description Values Drive status bit 1 0 = Disabled 1 = Readyon Drive status bit 2 2 = Readyrun Drive status bit 3 3 = Starting Drive status bit 4 4 = Readyref...
Page 454 454 Parameters Index Name/Value Description 200.10 Drive status word 2 Shows the drive status word 2. Name Description Values Reserved SLS1 active State on the 0 = Off, 1 = On drive side SLS2 active 0 = Off, 1 = On SLS3 active 0 = Off, 1 = On SLS4 active...
Page 455: Start-Up
Start-up 455 Start-up Contents of this chapter This chapter describes the general precautions to be taken before starting up the safety system for the first time. Safety considerations The start-up must be done by a qualified electrical professional who has appropriate knowledge on functional, machine and process safety.
Page 456: Checks
456 Start-up Checks Before starting the system for the first time, make sure that • the installation has been checked, according to the individual product checklists (drive, safety component) and the checklists provided in this document (see chapter Installation checklists). •...
Page 457: Verification And Validation
Verification and validation 457 Verification and validation Contents of this chapter This chapter describes verification and validation of the implemented safety functionality. Verification and validation produce documented proof of the compliance of the implementation with specified safety requirements. Further information can be found in Technical guide No. 10 - Functional safety (3AUA0000048753 [English]).
Page 458: Preconditions For Validation Testing
458 Verification and validation Preconditions for validation testing Validation testing is done for the entire and complete safety system. It is recommended to do all the verification and validation tests so that the real load of the application is connected to the motor. The whole safety system (for example, emergency stop buttons, light curtains, etc.) must be installed, set-up, and the drives commissioned and ready to use before the safety system can be tested.
Page 459: Validation Test Reports
Verification and validation 459 The validation test must include at least the following steps: • preparing a validation test plan • testing all commissioned functions for proper operation in the final complete safety system • testing all used inputs for proper operation, also for the input redundancy. See also Validation of redundant inputs on page 464.
Page 460: Validation Of The Profisafe Connection
460 Verification and validation  Validation of the PROFIsafe connection Follow the steps below to validate the PROFIsafe connection: 1. Make sure that the PROFIsafe communication is enabled in FSO parameter 200.222 Safety bus type. 2. Make sure that the fieldbus module (FENA-21 or FPNO-21) is configured into use in the drive.
Page 461: Validation Of The Safety Encoder Interface
1. Make sure that the correct installation instructions are followed when installing the safety encoder (see the FSE module manual and the encoder manual). 2. Make sure that safety encoder is configured into use via FSO-21 parameters according to the instructions given in section...
Page 462 462 Verification and validation 7. Make sure that drive parameters 92.1, 92.2, 92.10,92.17, 91.11 and 91.12 match with the safety configuration of the FSO module (safety settings view) and that these parameters are locked by the FSO module in the drive parameter view. 8.
Page 463 Verification and validation 463 b) If you have configured FSE diagnostic failure reaction (S_ENCGEN.11) to be No STO: 1. Cause an encoder failure by disconnecting the one encoder signal channel wire from the FSE module. 2. Activate any safety function except POUS or SSM. 3.
Page 464: Validation Of Safety Functions
464 Verification and validation  Validation of safety functions Once the system is fully configured and wired for the safety functions, and the initial checks have been done, you must do the following functional test procedure for each safety function: 1.
Page 465: Validation Of Safety I/O's
Verification and validation 465  Validation of safety I/O’s The safety I/O configuration (SAFEIO.xx parameters) and functionality including the test pulsing must be verified according to the application requirements. If safety relay outputs and their feedbacks are used in the application, the related diagnostic functions must also be verified.
Page 466: Validation Of The Sto Function
466 Verification and validation  Validation of the STO function WARNING! Configure and validate the STO function independently and before other safety functions. General validation principles: • The STO function is the basic safety function. It must always be configured and validated before (and independent of) other safety functions.
Page 467 Verification and validation 467 • STO.14 Time to zero speed with STO and modoff. (This is the estimated time in which the motor coasts to a stop from the maximum process speed.) • If with safety encoder: FSOGEN.52 Zero speed with encoder.
Page 468: Validation Of The Sbc Function
468 Verification and validation  Validation of the SBC function SBC function always uses the drive STO. Drive STO is always activated immediately in the following cases/situations: • FSO STO function • SSE, when it is configured to be immediate STO •...
Page 469 Verification and validation 469 Validation of the speed limit activated SBC This feature is possible with: • the safe speed estimate with the SS1 or SSE ramp • the safety encoder with the SS1 or SSE ramp, and with the STO function. Procedure: 1.
Page 470: Validation Of The Sse Function
470 Verification and validation  Validation of the SSE function Always configure and validate the SSE function. Test the SSE function always with a separate function request, for example by activating it via a suitable input configured for the SSE. Internal diagnostics of the FSO module, trip limit hit cases and PROFIsafe passivation will trigger the SSE function even if you have not defined an external request signal for the SSE.
Page 471 Verification and validation 471 5. Activate the SSE function. For example, press the emergency stop button, which is wired to the FSO input for the SSE function. 6. Make sure that the drive STO is activated immediately after the SSE request. 7.
Page 472 472 Verification and validation b) With time monitoring: SSE.14 SSE monitoring method = Time SSE.15 SSE delay for STO. Indication: • SSE.21 SSE output • SSE.21 SSE completed output • FSOGEN.11 Stop completed output. 3. If you made any changes, download and validate the configuration with the Drive composer pro PC tool.
Page 473: Validation Of The Ss1 Function
Verification and validation 473  Validation of the SS1 function 1. Make sure that the input for the SS1 function is configured according to the wiring diagram. 2. Make sure that the SS1 function, and SAR1 setting or time monitoring limit is configured correctly according to your design.
Page 474 474 Verification and validation 3. If you made any changes, download and validate the configuration with the Drive composer pro PC tool. Note: SAR1 is common with the SS1, SLS and SDI functions. Any changes to the SAR1 values will have impact on these functions. 4.
Page 475: Validation Of The Sls Functions
Verification and validation 475  Validation of the SLS functions Note: STO and SSE validation test must always be done before SLS or any other validation tests. Follow these steps to validate all SLS functions (SLS1...4) that are used in the application.
Page 476 476 Verification and validation • SLSx.03 SLS activation monitoring method = Time • drive parameter 23.13 deceleration time 1 (or 23.15 deceleration time 2) • SLSx.04 SLS time delay. Indication: • SLSx.15 SLS1 output A • SLSx.16 SLS1 output B (only available for SLS1).
Page 477: Validation Of The Variable Sls Function
Verification and validation 477  Validation of the variable SLS function Note: STO and SSE validation and PROFIsafe interface validation must always be done before SLS or any other validation tests. Follow these steps to validate the variable SLS function: 1.
Page 478 478 Verification and validation 3. Check from the safety PLC project that variable SLS scaling is set correctly. Octet 3 for enabling the scaling: • bit 6 negative scaling • bit 7 positive scaling Octets 4 and 5 for the variable SLS speed scaling value. Test the variable SLS function as used in the application.
Page 479: Validation Of The Sms Functions
Verification and validation 479  Validation of the SMS functions WARNING! If the SMS validation is to be performed with the machinery coupled to the motor, make sure that the machinery is able to withstand the fast speed changes and the set maximum speed. Validation of the SMS functions, version 1 1.
Page 480 480 Verification and validation 2. Make sure that you can ran and stop the motor freely. 3. Start the drive and accelerate to a speed higher than the SMS limit positive (200.73). 4. Make sure that SMS function limits the motor speed to the required limit by the application.
Page 481: Validation Of The Pous Function
Verification and validation 481  Validation of the POUS function 1. Make sure that the input and output(s) for the POUS function are configured according to the wiring diagram. 2. Make sure that the POUS function is configured correctly according to your design.
Page 482: Validation Of The Ssm Functions
482 Verification and validation  Validation of the SSM functions Follow these steps to validate the SSM1...4 functions. Repeat the test procedure to all SSM functions that are in use. The SSM1 function is used later in this section as an example.
Page 483: Validation Of The Sdi Function
Verification and validation 483  Validation of the SDI function Note: STO, SSE and safety encoder and encoder interface validation tests must always be done before SDI or any other validation tests. Follow these steps to validate the SDI functions that are used in the application: 1.
Page 484 484 Verification and validation b) with time monitoring: SDI.10 SDI activation monitoring method = Time - drive parameter 23.13 deceleration time 1 (or 23.15 deceleration time 2) -SDI.12 SDI delay. Indication: • SDI.23 SDI positive output A • SDI.24 SDI positive output B •...
Page 485 Verification and validation 485 11. Make sure that you can run the motor only into the correct (negative) direction. 12. Deactivate the SDI negative request. Repeat the same procedure for reverse SDI direction if it possible and if it is in use in your application.
Page 486: Validation Of The Cascaded Safety Function
486 Verification and validation  Validation of the cascaded safety function Without a PROFIsafe communication bus, you can cascade only safety functions which have a primary and a secondary digital input: STO, SS1, SSE, SLS1, SDI positive and SDI negative. Repeat the cascading validation procedure to all cascaded safety functions in your application.
Page 487: Proof Test Intervals During Operation
Verification and validation 487 Proof test intervals during operation Proof tests are intended to ensure that the safety integrity of a safety system is maintained continuously and does not deteriorate over time. Proof tests are often required for mechanical brakes, for example. Proof tests are used mainly for parts of the system that cannot be automatically diagnosed.
Page 488 488 Verification and validation...
Page 489: Fault Tracing
The causes of most warnings and faults can be identified and corrected using the information in this chapter. If not, contact an ABB service representative. Warnings and faults are listed in separate tables. Each table is sorted by warning/fault code.
Page 490: Event Types
490 Fault tracing LED off LED lit and steady LED blinking The drive STO Green The drive STO circuit is closed circuit is open. and the drive is in operation. Safety Green FSO is ready to Green Safety communication start safety communication to the to the fieldbus communication...
Page 491: Faults, Warnings And Events
Name Cause What to do (hex) Faults 7A81 TUCSO fault FSO subsystem fault Contact your local ABB representative. 7A8B FSO general fault FSO module is in the See the warning log for more Configuration mode. information on the actual cause.
Page 492 Internal fault in the FSO Reboot the FSO module. If the 5) 3) module problem still exits, replace the FSO module. Contact your local ABB representative. A7D2 FSO IO fault Problems in the I/O Check the FSO I/O cabling. 4) 3)
Page 493 FSO module (switch the power off and on or use drive parameter 96.09 FSO reboot, see the drive firmware manual). • Make sure that cooling is sufficient. Contact your local ABB representative. A7DB FSO undefined FSO new version, Contact your local ABB...
Page 494 494 Fault tracing Code Name Cause What to do (hex) AA96 FSO out of SDI SDI positive or SDI Make sure that SDI tolerance values negative exceeded the are defined properly. tolerance limit to the Check limits of the drive.For example, forbidden direction.
Page 495 Fault tracing 495 Code Name Cause What to do (hex) AAA6 FSO SLS3 hit FSO module detected an Investigate the reason for trip from 2) 6) SLS3 speed trip limit the application point of view. If violation. application is OK, then make sure that SLS is configured properly.
Page 496 496 Fault tracing Code Name Cause What to do (hex) AAB1 FSO SDI negative SDI negative exceeded Make sure that SDI tolerance values the tolerance limit to the are defined properly. forbidden direction. Check limits of the drive. For example, see the usage of DC hold from the drive firmware manual.
Page 497 See the tips in the Drive Composer event an event other than a fault PC tool. or a warning. B792 FSO undefined FSO new version, Contact your local ABB event undefined event in the representative. drive event system. B793 FSE Ch1 diag Encoder failure.
Page 498 498 Fault tracing Code Name Cause What to do (hex) BA96 FSO out of SDI SDI positive or SDI Make sure that SDI tolerance values negative exceeded the are defined properly. tolerance limit to the Check limits of the drive. For forbidden direction.
Page 499 Fault tracing 499 Code Name Cause What to do (hex) BAA7 FSO SLS4 hit FSO module detected an Investigate the reason for trip from 2) 6) SLS4 speed trip limit the application point of view. If violation. application is OK, then make sure that SLS is configured properly.
Page 500 500 Fault tracing Code Name Cause What to do (hex) BAB2 FSO ramp time hit FSO module detected a Make sure that the drive can violation of a time decelerate the load within the time monitored ramp. defined for ramp time monitoring. •...
Page 501: User-Selectable Events For Function Requests
Fault tracing 501 allow the drive to control the system to a safe state. When the system is in the safe state, the drive trips. Fault indication is 7A8B FSO general fault. This is a user-selectable event for a safety fieldbus failure. See parameter SBUSGEN.10 STO indication passivation and section...
Page 502 502 Fault tracing Limit/Incident Events depending on the event type selection (parameter FSOGEN.62) Fault Warning Event SLS2 SLS2 limit hit AAA5 FSO SLS2 hit AAA5 FSO SLS2 hit BAA5 FSO SLS2 hit (warning) System at safe 7A91 FSO safe speed AA91 FSO safe speed BA91 FSO safe speed state...
Page 503 Fault tracing 503 Limit/Incident Events depending on the event type selection (parameter FSOGEN.62) Fault Warning Event SAR0 SAR0 limit hit AAA9 FSO SAR0 hit AAA9 FSO SAR0 hit BAA9 FSO SAR0 hit (warning) System at safe 7A92 FSO out of eme AA92 FSO out of eme BA92 FSO out of eme state...
Page 504: User-Selectable Events For Safety Fieldbus Failures
504 Fault tracing  User-selectable events for safety fieldbus failures The table below lists user-selectable events related to safety fieldbus failures. Incident Events depending on the event type selection (parameter SBUSGEN.10) Fault Warning Event Problem in the AAB6 FSO safebus AAB6 FSO safebus BAB6 FSO safebus safety fieldbus...
Page 505: Internal Fault
To recover from these situations, you may have to reboot the safety encoder (for example, by switching the power off and on). If FSO is not recovering from the fault, contact your local ABB representative.  Internal fault If there is an internal fault in FSO or FSE module that leads to a permanent defect, the module must be replaced.
Page 506 506 Fault tracing...
Page 507: Maintenance
Maintenance 507 Maintenance Contents of this chapter This chapter contains maintenance information related to the FSO module: • instructions for component replacement in the safety circuit (for example, replacement of the FSO or FSE module, control unit, memory unit, power unit, or FB module) •...
Page 508: Component Replacement In The Safety Circuit
508 Maintenance Component replacement in the safety circuit WARNING! During maintenance and repair, if the FSO module is removed, the functional safety of the machinery must be ensured by other means. Note: If the FSO module fails to operate, you have to replace it with a new one. The module is not repairable.
Page 509: Reinstalling The Fso Module To Another Drive
Maintenance 509 423. If you download an old configuration, the new parameters will get the default values. It is recommended to download, upload, and check the parameters. 6. Update the revision and the serial number of the new FSO module to the logbook of the driven machine.
Page 510: Replacing The Fb Module In Profisafe Network
FSO-21 module and FSE-31 module user's manuals. 3. Make sure that the safety encoder related parameter settings in FSO-21 module, for example, pulse count, are set according to the new encoder. 4. Do the start-up and validation procedures. See section Start-up and validation test on page 510.
Page 511: Factory Reset
Maintenance 511 Factory reset Do a factory reset if • you forget the password • you want to do the configuration again from scratch. Note: The factory reset clears the configuration and takes the factory default values back in use. These factory default values are not the same as the pre-set values in a delivered FSO (ordered with a plus code).
Page 512: Drive Control Board Boot
512 Maintenance Drive control board boot If you reboot the drive control board (for example, by cycling the power or with parameter 96.08 Control board boot (in DCS880 drives: 96.27 Control board boot)), the FSO module goes into the Fail-safe mode. To exit the Fail-safe mode: •...
Page 513 Maintenance 513 When you decommission the FSO or FSE module, make sure that the safety of the machine is maintained until the decommissioning is complete. Mark clearly on the module that it is decommissioned. If you use the SMS function, version 2, obey the instructions in section SMS function, version 2 on page 179.
Page 514 514 Maintenance...
Page 515: Technical Data
Technical data 515 Technical data Contents of this chapter This chapter contains the technical specifications of the FSO-21 module. Electrical data Supply voltage +24 ± 3 V DC (SELV/PELV) Current consumption Maximum 1000 mA (external power supply) Inputs 4 redundant or 8 single, or combinations of redundant and...
Page 516: Control Connection Data
516 Technical data Control connection data Logic levels “0” < 5 V, “1” > 15 V Digital input impedance 4 kohm Digital output capability 150 mA @ 20 V each, 700 mA @ 20 V total when all outputs are in use Max.
Page 517: Sto Cable And Data Cable Between Fso Module And Drive
Technical data 517 STO cable and data cable between FSO module and drive STO cable ABB recommends to use the cable included in the delivery. User-defined cable: • Max. length: 1 m (3.28 ft) • Use the connectors of the original STO cable. Tightening torque is 0.24 N·m (2.1 lbf·in).
Page 518: Compatible Motor Types
518 Technical data Compatible motor types Motor type Induction motor (IM), Permanent magnet motor (PM), Synchronous reluctance motor (SynRM), DC motor Motor control mode FSO can be used in Direct Torque Control (DTC) or scalar mode. Speed estimation Speed range Allowed range depends on the used motor.
Page 519: Safety Functions
Technical data 519 Operation Storage Transportation installed for in the protective in the protective stationary use package package Relative humidity 5…95%, no condensation allowed. If corrosive gases are present, the maximum allowed humidity is 60%. Contamination levels No contaminants, conductive dust or corrosive dust allowed. IEC 60721-3-x Use at least IP54 enclosure in an environment where conductive dust or corrosive dust exists.
Page 520: Safety Data
520 Technical data Safety data  General o determine the SIL/PL capability of the whole safety function where the FSO is included, the failure rates (PFD /PFH) of all components implementing the safety function (see the figure below) must be added. Switch, Drive Digital...
Page 521 PFDavg/PFH of the safety function fulfills the requirement for the targeted SIL/PL. For additional information on safety calculations, see standards EN ISO 13849-1, EN/IEC 62061, IEC 61508, IEC 61511, or ABB Drives Technical guide No. 10, Functional safety (3AUA0000048753 [English]).
Page 522: Basic Safety Data
 Basic safety data The FSO-21 module is a type B safety component as defined in IEC 61508-2. The FSO-21 data related to safety standards IEC 61508, EN/IEC 61800-5-2, EN ISO 13849-1, IEC 61511, and EN/IEC 62061 is listed below for the different subsystems within the FSO module.
Page 523: Pulse Encoder Interface Module
Technical data 523 1-ch. DO, 2-ch. DO, 1-ch. DO, 2-ch. DO, Speed Speed pulses pulses output estimate, measure- pulses pulses worst ment case with values FSE-31 PFH (1/h) 6.3E-10 1.7E-10 4.9E-09 2.2E-10 1.8E-11 1.0E-08 6.4E-08 (T1 = 20 a) 3.8E-07 1.5E-06 2.3E-06 2.4E-06...
Page 524: Fso Safety Calculations Guide (Without Profisafe)
SS1-t, SSE-t and SSE with immediate STO functions. Same approach for the logic subsystems applies in all safety functions below. Note: ABB's safety data component libraries do not contain any subsystems for external (non-ABB) components. Note: All safety functions in FSO can be activated either through safety IOs or...
Page 525 Drive STO Safely-limited speed (SLS) with encoder includes the following subsystems: safety encoder (not provided by ABB), FSE-31, FSO Digital input, FSO Logic (1 or 2), FSO STO output, FSO Digital output (optional), and Drive STO. Block diagram is equal to...
Page 526 526 Technical data POUS FSO Digital input FSO Logic (1 or 2) FSO STO output FSO Digital output (optional) Drive STO Prevention of unexpected start-up (POUS) includes the following subsystems: FSO Digital input, FSO Logic (1 or 2), FSO STO output, FSO Digital output (optional), and Drive STO.
Page 527 Drive STO Safe brake control (SBC) includes the following subsystems: FSO Logic 2, FSO STO output, FSO Digital output, Contactor 1 and 2 (can be provided by ABB), and Drive STO. Note: SBC is used together with other safety functions, and a triggering subsystem...
Page 528 FSO Digital output Safe speed monitor (SSM) with encoder includes the following subsystems: safety encoder (not provided by ABB), FSE-31, FSO Digital input (optional), FSO Logic (1 or 2), and FSO Digital output. Note: This safety function, SSM with encoder, can be configured so that it is always...
Page 529: Fso Safety Calculations Guide (With Profisafe)
In this case, FSE-31 subsystem should be added in the calculation.  Safety data for some typical configurations The tables below show FSO-21 safety data for some safety functions with typical combinations of the FSO module subsystems. See section Basic safety data page for more information on the subsystems.
Page 530 530 Technical data Subsystems HFT SIL MTTF Cat. PL used in the (1/h) safety function (T1 = 20 a) (T1 = 2 a) (T1 = 5 a) (T1 = 20 a) 1-channel non- pulsed DI Logic STO-output 2.6E-08 1.5E-04 2.9E-04 5.8E-04 93.8 83.7...
Page 531: Relevant Failure Modes
1) Lowest subsystem SFF 2) Lowest subsystem DC  Relevant failure modes The following failure modes related to the outputs of the FSO-21 with or without FSE-31 have been considered in the design: • STO output • PROFIsafe • Digital outputs.
Page 532: Response Times
(FPNO or FENA), FSO, FSE and drive combination is 100 ms. DCS880 drives: Maximum response time is 550 ms. Note: Mute time usage increases the response time. FSO-21 response time • from an FSO input to an FSO digital Maximum 35 ms output activation Cascade response time •...
Page 533 Technical data 533 Example 1 - Response times STO request from I/O or PROFIsafe 54 ms PROFIsafe STO ack. (WCDT) 35 ms DO activation 100 ms Removal of torque (Drive) Time 0 ms 100 ms Note: The values shown above are applicable to ACS880 drives. The maximum response time for DCS880 drives is 550 ms.
Page 534: Ordering Information
534 Technical data Ordering information Ordering codes for related kits: FSO-21 kit 3AXD50000023987 FSE-31 kit 3AXD50000023272 FENA-21 3AUA0000089109 FPNO-21 3AXD50000192779 Option codes (plus codes) when ordered together with drive: FSO-21 +Q972 FSE-31 kit +L521 FENA-21 +K475 FPNO-21 +K492...
Page 535: Related Standards And Directives
Technical data 535 Related standards and directives Referenced standards are listed in the table below. Standard Name EN 60204-1:2018 Safety of machinery – Electrical equipment of machines – Part 1: IEC 60204-1:2016 General requirements IEC 61508 Parts 1-3, Functional safety of electrical/electronic/programmable electronic Ed.
Page 536 536 Technical data...
Page 537: Dimension Drawings
Dimension drawings 537 Dimension drawings The dimension drawings of the FSO-21 module with two different bottom plates for different drive control unit types are shown below. The dimensions are given in millimeters and [inches].
Page 538 538 Dimension drawings...
Page 539: Further Information
Address any inquiries about the product to your local ABB representative, quoting the type designation and serial number of the unit in question. A listing of ABB sales, support and service contacts can be found by navigating to abb.com/searchchannels. Product training For information on ABB product training, navigate to new.abb.com/service/training.

ABB FSO-21 User Manual

1 Safety Instructions

2 Introduction to the Manual

3 Safety Information and Considerations

4 Overview

5 Safety Functions

6 Profisafe

7 Planning for Installation

8 Installation

9 Installation Checklists

10 Configuration

11 FSO-21 Parameters

12 Start-Up

13 Verification and Validation

14 Fault Tracing

Quick Links

Related Manuals for ABB FSO-21

Summary of Contents for ABB FSO-21