Safe Torque Off (Sto); Sto Activation; Configuring Restart And Acknowledgment Behavior - Danfoss iC7 Series Operating Manual

Operating Guide | iC7 Series Functional Safety
SIL 3 in IEC 61508 and EN 61800-5-2
l
The system modules are fitted with a dual-channel, galvanically isolated input, and an STO feedback signal for diagnostic purposes.
A safety function is active if 1 or both of the safety inputs are not connected to a +24 V signal. The drive is not able to go to the RUN state.
For more information, see Table
All control inputs and outputs are galvanically isolated from supply voltage (PELV) and other high-voltage terminals, unless otherwise
specified.

Safe Torque Off (STO)

3.3.2
Select and apply the components in the safety control system appropriately to achieve the required level of operational
l
safety. Before integrating and using STO in an installation, carry out a thorough risk analysis on the installation to determine
whether the STO functionality and safety levels are appropriate and sufficient.
The Safe Torque Off (STO) function is a component in a safety control system. STO prevents the unit from generating the power required
to rotate the motor.
The iC7 drives are available with:
Safe Torque Off (STO), as defined by EN IEC 61800-5-2:2017
l
Stop category 0, as defined in EN IEC 60204-1:2018.
l
The STO function is available for iC7 drives with functional safety plus code +BEF2. Specific hardware revisions are listed in the appendix
of the functional safety certificate.

STO Activation

3.3.3
The STO function is activated by 1 of the following reasons:
An external request.
l
A violation of another safety function.
l
A fault detected by the internal diagnostics.
l
The Safe Stop 1 (SS1-t) function activates the STO function when an application-specific time delay has passed (time monitoring).
Use the STO function to stop the drive in a situation where a safety function is required. In normal operating mode when STO is not
required, use the standard stop function instead.

Configuring Restart and Acknowledgment Behavior

3.3.4
Safety functions can be set up to require an acknowledgment to safety-related events. These events include the power-up of the device,
or the disengagement of a safety function.
The configuration options are:
Direct restart: Transitioning to the operational state does not require any action.
l
Nonsafe Acknowledge required: Acknowledgment through a selected non-safe input is required.
l
Safe Acknowledge required: Acknowledgment through a selected safe input is required.
l
If the problem persists and the device stays in error mode, contact Danfoss.
IMPORTANT:
Danfoss Drives Oy © 2024.09
14.
NOTICE
iC7 Functional Safety
AQ477043679710en-000102 / 172K2965A | 13