Ic7 Functional Safety; Safe Torque Off (Sto); Sto Activation; Automatic/Manual Restart Behavior - Danfoss iC7 Series Operating Manual

iC7 Series Functional Safety
Operating Guide

3 iC7 Functional Safety

3.1 Safe Torque Off (STO)

Select and apply the components in the safety control system appropriately to achieve the required level of operational safety.
Before integrating and using STO in an installation, carry out a thorough risk analysis on the installation to determine whether the
STO functionality and safety levels are appropriate and sufficient.
The Safe Torque Off (STO) function is a component in a safety control system. STO prevents the unit from generating the power
required to rotate the motor.
The iC7 drives are available with:
• Safe Torque Off (STO), as defined by EN IEC 61800-5-2:2017.
• Stop category 0, as defined in EN IEC 60204-1:2018.
The STO function is available for iC7-Automation drives with functional safety option code +BEF1. Specific hardware revisions are
listed in the appendix of the functional safety certificate.

3.2 STO Activation

The STO function is activated by removing the voltages at the STO inputs of the frequency converter. By connecting the frequency
converter to external safety devices providing a safe delay, an installation for a Safe Stop 1 can be obtained. External safety devices
must fulfill the required Cat./PL or SIL when connected to STO inputs.
With default settings, the frequency converter issues a fault, trips the unit and coasts the motor to a stop, when the STO function is
activated. Manual restart is required.
Use the STO function to stop the frequency converter in situation, where a safety function is required. In normal operating mode
when STO is not required, use the standard stop function instead.

3.3 Automatic/Manual Restart Behavior

The STO default state prevents unintended restarts (Restart Prevention Behavior).
The prevention of unintended restart after STO deactivation does not fulfill a SIL 2 or SIL 3 requirement. If unintended restart is
critical to the installation, this has to be controlled by the use of STO, both after STO activation and at normal start-up scenarios,
for example after normal power cycle.
The default restart behavior is set to Manual. Before switching to Automatic, ensure that requirements of EN ISO 12100:2011
paragraph 6.3.3.2.5 are fulfilled.
Terminating STO and Resuming Normal Operation
1. Reapply 24 V DC supply to STO inputs.
2.
Give a reset signal (via bus, digital I/O, or the control panel.
Set the STO function to automatic restart by setting the value of parameter 7.2.1 Safe Torque Off Response from default
value Fault (manual reset) to value Warning (automatic reset).
Automatic reset means that STO is terminated and normal operation is resumed, when the 24 V DC is applied to STO
inputs. No reset signal is required.

3.4 System Configuration Security

iC7 drives are equipped with a hardware security chip, and the application software includes both mandatory and configurable se-
curity features that prevent unauthorized access to the drive, ensure secure connectivity to the drive, and protect the drive against
unauthorized software modifications.
For more details on the security features included in the application software, refer to application software documentation.
8 | Danfoss A/S © 2023.03
N O T I C E
N O T I C E
C A U T I O N
iC7 Functional Safety
AQ319741840653en-000201 / 136R0268