Safety Function Fault Recovery - Danfoss iC7 Series Operating Manual
Air-cooled and liquid-cooled system modules
Hide thumbs
Also See for iC7 Series:
- Application manual (382 pages) ,
- Design manual (224 pages) ,
- Operating manual (82 pages)
Table of Contents
Advertisement
Operating Guide | iC7 Series Functional Safety
Table 14: Instances of STO Feedback for Systems with Modular Control
State
Bootloader and startup
Internal failure
Internal fatal failure
1) Energized: STO_FB+ ⇨ STO_FB- circuit closed = current flow = logical "0" with low side driver configuration. De-energized: STO_FB+ ⇨ STO_FB- circuit open = no current flow =
logical "1" with low side driver configuration.
Safety Function Fault Recovery
9.3
A fault in a safety circuit can lead to safe state or fail-safe state activation. STO activation is determined by the event list in MyDrive®
Insight and on the control panel.
With a fail-safe state, STO is activated, and a relevant fault code is shown. Reset the fault before performing normal operation.
1.
Check the reason for the event in the MyDrive® Insight event log.
2.
Refer
to 9.4 Event
List for instructions on how to repair the cause of the fault.
3.
Reset the fault.
–
If the fault is configured to direct restart: By deactivating the Emergency Stop button, the motor becomes operational and
runs within the original speed range.
–
If the drive stays in a non-operating state after removing the fault, check the event log in MyDrive® Insight.
–
If safe or non-safe acknowledgment is required, perform the acknowledgment via a configured channel by sending an
acknowledgment signal via fieldbus, digital I/O, or the control panel.
The acknowledgment is configured in safety parameters.
If a failure in the safety system or a safety function prevents fault recovery, contact a local Danfoss representative. Provide the
commissioning report of the safety parameter configuration. For more information, see the MyDrive® Insight documentation.
36
| Danfoss Drives Oy © 2024.09
(continued)
(1)
Feedback state
De-energized
De-energized
De-energized
Additional information
The bootloader does not communicate and does not
know the state of the STO output on the power units.
At startup, the communication is not yet established
and the safe input card does not know the state of the
safe output on the power units.
Indicates a severe issue, for example in the STO cir-
cuitry. It cannot be assumed that the Safety IO knows
that all STO outputs are de-energized.
Triggered when a fatal internal issue has occurred, for
example, a CPU or RAM fault. The operation cannot be
guaranteed, and it cannot be assumed that the safe
outputs can be de-energized.
AQ477043679710en-000102 / 172K2965A
Troubleshooting
Advertisement
Table of Contents
Need help?
Do you have a question about the iC7 Series and is the answer not in the manual?