Sto Properties - Danfoss iC7 Series Operating Manual

Operating Guide | iC7 Series Functional Safety
The prevention of unintended restart after STO deactivation does not fulfill a SIL 2 or SIL 3 requirement. This applies when
configuring manual restart using the parameter 7.3.1 Safe Torque Off Response.
If unintended restart is critical to the installation, this has to be controlled by the use of STO, both after STO activation and at
l
normal startup scenarios, for example after normal power cycle.
The default restart behavior is set to Manual. Before switching to Automatic, ensure that requirements of EN ISO 12100:2011
l
paragraph 6.3.3.2.5 are fulfilled.
1.
Reapply 24 V DC supply to safe inputs.
2. Give a reset signal via fieldbus, digital I/O, or the control panel.
Set the STO function to Warning by setting the value of parameter 7.3.1 Safe Torque Off Response from the default
value Fault (manual reset) to Warning (automatic reset). Warning means that STO is terminated and normal operation is
resumed, when the 24 V DC is applied to safe inputs. No reset signal is required.

STO Properties

3.3.5
For flexible adaptation to the safety system, the safe inputs contain the following properties:
Galvanic isolation of terminals: The functional safety I/O terminal blocks on the control board have separate, galvanically isolated
l
inputs to allow, for example, interchanging of the polarities of the safe input terminals as shown in
Test pulse filtering: Several control modules test their safe outputs using Test Pulse Pattern (on/off tests) to identify faults due to
l
either short- or cross-circuiting. When interconnecting the safe input of the drive with a safe output of the control module, the drive
responds to the test signals. A signal change during a test pulse pattern is configured with parameter Stable Signal Time (range 1–
5000 ms). Test pulses of the length configured in parameter Stable Signal Time are ignored on the safe input lines. It is also possible
to filter short pulses, which could lead to safety functions being activated incorrectly.
See 4.2 General Functional Safety Parameters
The stable signal time extends the safety function response time. The safety function is activated after the response time has
l
expired.
If the signal to the safety input is not stable, the drive responds with a fault.
l
2 ms max.
STO Ch. A/B
STO function
Active
Inactive
Figure 2: Test Pulse Filtering
14 | Danfoss Drives Oy © 2024.09
for more information on parameter Stable Signal Time.
Test pulse STO demanded
Time
Debounce time
Time
NOTICE
CAUTION
NOTICE
iC7 Functional Safety
Figure 6 and Figure 7.
AQ477043679710en-000102 / 172K2965A