Download
Share
Print this page
Emerson PACSystems VersaSafe VERSAPOINT IC220SDL953 User Manual
  1. Manuals
  2. Brands
  3. Emerson Manuals
  4. Protection Device
  5. PACSystems VersaSafe VERSAPOINT IC220SDL953
  6. User manual
Emerson PACSystems VersaSafe VERSAPOINT IC220SDL953 User Manual

Emerson PACSystems VersaSafe VERSAPOINT IC220SDL953 User Manual

Hide thumbs

Advertisement

Quick Links

Download this manual
User Manual
GFK-2731A
Jan 2020
PACSystems
VersaSafe
TM
SAFE LOGIC MODULE, SAFE OUTPUT, 24 VDC, 8 PT USER MANUAL
TM
VERSAPOINT
MODULE: IC220SDL953

Advertisement

loading
Need help?

Need help?

Do you have a question about the PACSystems VersaSafe VERSAPOINT IC220SDL953 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Emerson PACSystems VersaSafe VERSAPOINT IC220SDL953

Summary of Contents for Emerson PACSystems VersaSafe VERSAPOINT IC220SDL953

  • Page 1 User Manual GFK-2731A Jan 2020 PACSystems VersaSafe SAFE LOGIC MODULE, SAFE OUTPUT, 24 VDC, 8 PT USER MANUAL VERSAPOINT MODULE: IC220SDL953...

  • Page 2: Table Of Contents

    User Manual Contents GFK-2731A Jan 2020 Contents Chapter 1: For your safety ............1 General safety notes .................... 1 Electrical safety ....................3 Safety of the machine or system ................4 Safety for starting applications ................5 Directives and standards..................5 Correct usage ......................
  • Page 3 User Manual Contents GFK-2731A Jan 2020 Assembly and removal ..................23 4.1.1 Unpacking the module ................23 4.1.2 General ....................23 4.1.3 Setting the DIP switches ................24 4.1.4 Assembly and removal of the safety module ..........26 Electrical installation ..................28 4.2.1 Electrical installation of the VersaPoint station ........
  • Page 4 User Manual Contents GFK-2731A Jan 2020 Decommissioning and disposal ................. 62 Chapter 10: Technical data and ordering data ......63 10.1 System data ...................... 63 10.1.1 VersaPoint ....................63 10.1.2 VersaSafe system ..................63 10.2 IC220SDL953 ....................63 10.2.1 General data ................... 63 10.2.2 Mechanical requirements ................
  • Page 5 User Manual Contents GFK-2731A Jan 2020 A-5.1 Structure of the process image ..............84 A-5.2 Description of the registers ..............87 Implementation of data flow between the standard controller and the safety modules 93 A-6.1 Implementation of data flow with a function block ........93 A-6.2 Implementation of data flow without a function block......
  • Page 6 User Manual Contents GFK-2731A Jan 2020 B-2.2 Assembly and electrical installation ............116 B-2.3 Startup ....................117 B-2.4 Validation ..................... 118 Contents...
  • Page 7 Changes, modifications, and/or improvements to equipment and specifications are made periodically and these changes may or may not be reflected herein. It is understood that Emerson may make changes, modifications, or improvements to the equipment referenced herein or to the document itself at any time.

  • Page 8: Chapter 1: For Your Safety

    User Manual Chapter 1 GFK-2731A Jan 2020 Chapter 1: For your safety Purpose of this manual The information in this document is designed to familiarize you with how the IC220SDL953 safety module works, its operating and connection elements, and its parameter settings.
  • Page 9 Repair work may not be carried out on the safety module. any repairs In the event that an error cannot be removed, please contact Emerson immediately, engage a service engineer, or send the faulty module directly to Emerson. Do not open the It is strictly prohibited to open the safety module housing.

  • Page 10: Electrical Safety

    User Manual Chapter 1 GFK-2731A Jan 2020 Electrical safety WARNING Hazardous body currents and the loss of functional safety Disregarding instructions for electrical safety may result in hazardous body currents and the loss of functional safety. In order to ensure electrical safety, please observe the following points. Direct/indirect contact Ensure that all components connected to the system are protected against direct and indirect contact according to...

  • Page 11: Safety Of The Machine Or System

    User Manual Chapter 1 GFK-2731A Jan 2020 Installation and Please observe the instructions for installing and configuration configuring the system (see "Documentation" on page 6.). WARNING Depending on the application, incorrect handling of the safety module can pose serious risks for the user When working with the safety module within the VersaSafesystem, please observe all the safety notes included in this section.

  • Page 12: Safety For Starting Applications

    For the standards observed by the module, please refer to the certificate issued by the approval body and the EC declaration of conformity. These documents are available on the Internet at http://www.Emerson.com/Industrial-Automation-Controls. For your safety...

  • Page 13: Correct Usage

    Latest documentation Make sure you always use the latest documentation. Changes or additions to this document can be found on the Internet at http://www.Emerson.com/Industrial- Automation-Controls. VersaSafe system When working on the VersaSafe system and its components, you must always keep this user manual and other items of product documentation to hand and observe the information therein.

  • Page 14: Abbreviations Used

    User Manual Chapter 1 GFK-2731A Jan 2020 For VersaSafe system I/O modules — For VersaSafe system function blocks — Please also observe the relevant information about the bus system used. VersaPoint product GFK-2736 range Automation terminals of the VersaPoint product range (configuration and installation) Documentation for the Network Interface Unit (NIU) used.

  • Page 15: Chapter 2: Product Description

    User Manual Chapter 2 GFK-2731A Jan 2020 Chapter 2: Product description Note about the system description The VersaSafe system is described in "Appendix: The VersaSafe system" on page 73. In the description of the IC220SDL953 safety module, it is assumed that you are familiar with the VersaSafe system.

  • Page 16: Structure Of The Safety Module

    User Manual Chapter 2 GFK-2731A Jan 2020 Structure of the safety module Figure 1 Structure of the safety module 1. Data jumpers (local bus) 2. Electronics base with labeling including version designation hardware/firmware/firmware (not shown) 3. Switch for setting the transmission speed and operating mode 4.

  • Page 17: Housing Dimensions

    User Manual Chapter 2 GFK-2731A Jan 2020 Housing dimensions Figure 2 Housing dimensions (in mm) Safe digital outputs The safety module has safe positive switching digital outputs, which can be used as follows: • For two-channel assignment: Four two-channel outputs —...
  • Page 18 User Manual Chapter 2 GFK-2731A Jan 2020 For information about parameterization, please refer to "Parameterization of the safe outputs" on page 32. Diagnostics Diagnostics are provided via both the local diagnostic indicators and the diagnostic messages, which are transmitted to the controller.

  • Page 19: Connection Options For Actuators Depending On The Parameterization

    User Manual Chapter 2 GFK-2731A Jan 2020 • Use reliable components. These include, for example: Control contactors according to EN 60947-4-1 — Power contactors — Relays with positively driven contacts according to DIN EN — 50205 • Use relays or contactors with positively driven N/C contacts to safely monitor the state (pick-up, drop-out).

  • Page 20: Local Diagnostic And Status Indicators

    User Manual Chapter 2 GFK-2731A Jan 2020 Local diagnostic and status indicators Figure 3 Local diagnostic and status indicators of the IC220SDL953 module Table 3 Local diagnostic and status indicators Green LED Diagnostics OFF: Communications power is not present Flashing at Communications power present, local bus not active 0.5 Hz: Flashing at 4...
  • Page 21 User Manual Chapter 2 GFK-2731A Jan 2020 Hardware fault The output drivers are reset, there is no communication to the satellites Impermissible switch position The module will respond to certain impermissible switch positions by entering the failure state immediately after power up.

  • Page 22: Safe State

    User Manual Chapter 2 GFK-2731A Jan 2020 Safe state The safe state for the module is the low state at the output terminals (see "Safe digital outputs" on page 10). The safe state can be entered in the following cases: 1.

  • Page 23: Device Errors

    User Manual Chapter 2 GFK-2731A Jan 2020 2.8.3 Device errors Outputs If a hardware fault in the internal circuit is detected at an output, all module outputs are disabled ("0" = OFF = safe state). The relevant diagnostic message is transmitted to the controller (see "Safe digital output errors"...

  • Page 24: Process Data Words

    User Manual Chapter 2 GFK-2731A Jan 2020 Important Exception: If an output is operated in stop category 1 and this output is within the switch-off delay time, then another instance of faulty parameterization results in the entire module switching to the safe state only once the switch-off delay time has elapsed This is a sample text to show how Important or Tip messages are presented.

  • Page 25: Chapter 3: Versapoint Potential And Data Routing, And Versapoint Connectors

    User Manual Chapter 3 GFK-2731A Jan 2020 Chapter 3: VersaPoint potential and data routing, and VersaPoint connectors VersaPoint potential and data routing For operation, the safety module must be integrated in a VersaPoint station within the Ver- saSafe system. The bus signals are transmitted via the VersaPoint data jumpers. The required supply volt- ages are transmitted via the VersaPoint potential jumpers.

  • Page 26: Supply Voltage U M

    User Manual Chapter 3 GFK-2731A Jan 2020 Supply voltage U Feed in the supply voltage at a bus coupler or a power terminal. It is made available to the safety module via the VersaPoint potential jumper U WARNING Loss of the safety function when using unsuitable power supplies For the voltage supply at the bus coupler or power terminal, please note: Only power supplies according to EN 50178/VDE 0160 (PELV) may be used.

  • Page 27: Terminal Point Assignment

    User Manual Chapter 3 GFK-2731A Jan 2020 WARNING Loss of functional safety due to parasitic voltages Feed in the supply voltages U and U at a bus coupler and/or a power terminal from the same power supply unit, so that the loads of IC220SDL953 are not affected by parasitic voltages in the event of an error.
  • Page 28 User Manual Chapter 3 GFK-2731A Jan 2020 Table 5 Terminal point assignment for connector 1 Terminal point Signal Channel assignment OUT0_Ch1 Output 0, channel 1 OUT0_Ch2 Output 0, channel 2 Not used Not used 0 V (GND) Channel 1 and channel 2 Table 6 Terminal point assignment for connector 2 Terminal point Signal...
  • Page 29 User Manual Chapter 3 GFK-2731A Jan 2020 Terminal point Signal Channel assignment 0 V (GND) Channel 1 and channel 2 0 V (GND) Channel 1 and channel 2 WARNING Loss of functional safety due to parasitic voltages Connect the ground of the actuator to the ground terminal point of the corresponding output on the VersaPoint connector.

  • Page 30: Chapter 4: Assembly, Removal, And Electrical Installation

    User Manual Chapter 4 GFK-2731A Jan 2020 Chapter 4: Assembly, removal, and electrical installation Assembly and removal 4.1.1 Unpacking the module The module is supplied in an ESD box together with a package slip with installation instructions. Please read the complete package slip carefully. The module may only be installed and removed by qualified personnel.

  • Page 31: Setting The Dip Switches

    User Manual Chapter 4 GFK-2731A Jan 2020 4.1.3 Setting the DIP switches Important Set the DIP switches accordingly for your application before assembling the module in a VersaPoint station. The switches cannot be accessed when the safety terminal is in- stalled in the VersaPoint station The module has a 2-pos.
  • Page 32 User Manual Chapter 4 GFK-2731A Jan 2020 Right switch: Select VersaSafe: mode Mode Figure 7 VersaSafe operating mode Mode Operating mode VersaSafe 16 words VersaSafe 24 words Important As soon as more than three satellites are connected to one IC220SDL953, a data width of 24 words is required. In this case, set Mode 2.

  • Page 33: Assembly And Removal Of The Safety Module

    User Manual Chapter 4 GFK-2731A Jan 2020 Table 10 Switch position for VersaSafe 24 words VersaSafe 24 words Address switch Mode switch Island number Reserved Mode 2 to 31 Table 11 Switch position for VersaSafe multiplexer VersaSafe multiplexer Mode Address switch switch Island number Reserved...
  • Page 34 User Manual Chapter 4 GFK-2731A Jan 2020 Important Ensure that all featherkeys and keyways on adjacent terminals are securely interlocked. Figure 8 Snapping on the safety module base • Check that all the snap-on mechanisms are securely snapped into place. –...

  • Page 35: Electrical Installation

    User Manual Chapter 4 GFK-2731A Jan 2020 Figure 10 Removing the connector • Release the base by pressing on the front and back snap- – Remove base on mechanisms (A) and pull it out perpendicular to the DIN rail (B). Figure 11 Removing the safety module base Electrical installation WARNING...

  • Page 36: Electrical Installation Of The Versapoint Station

    Push a screwdriver into the slot of the appropriate terminal point (Figure 12, detail 1), so that you can insert the wire into the spring opening. Emerson recommends the SZF 1 - 0.6X3.5 screwdriver. • Insert the wire (Figure 12, detail 2). Remove the screwdriver from the opening. This clamps the wire.
  • Page 37 User Manual Chapter 4 GFK-2731A Jan 2020 Figure 12 Connecting unshielded cables • Insert the assembled connectors in the corresponding module slot (see "Terminal point assignment" on page 20). • Label all connections to prevent connections to the VersaPoint connectors being mixed up (see GFK-2736 user manual).

  • Page 38: Chapter 5: Parameterization Of The Safety Module

    User Manual Chapter 5 GFK-2731A Jan 2020 Chapter 5: Parameterization of the safety module Parameterization of the safety module in a Versa-Safe system Important For information about the configuration and parameterization of the VersaSafe system, please refer to "Configuration and parameterization using the VersaConf Safety tool" on page 31.

  • Page 39: Parameterization Of The Safe Outputs

    User Manual Chapter 5 GFK-2731A Jan 2020 Important For information about downloading, please refer to "Downloading the configuration and parameter data record following power up" on page 98. The supply voltage must be present and the local bus must be in the RUN state when downloading.
  • Page 40 User Manual Chapter 5 GFK-2731A Jan 2020 Table 12 Parameterization of outputs Parameterization Value range Remark OUT0 - OUT3 Assignment Not assigned The outputs that are not assigned are disabled. However, the monitoring of these outputs remains Assigned active. Output Single-channel In two-channel operation, the assignment of the outputs to one another is specified and cannot be...

  • Page 41: Behavior Of The Outputs In The Event Of Enabled Switch-Off Delay For Stop Category

    User Manual Chapter 5 GFK-2731A Jan 2020 Test pulses Important Note on test pulses If the test pulses are disabled, cross circuits and short circuits cannot be detected. Regardless of the parameterization selected under "Test impulses (output switched off)", the outputs parameterized as "Not assigned" are tested by test pulses.
  • Page 42 User Manual Chapter 5 GFK-2731A Jan 2020 Switching off of outputs Switching off of outputs Influence of parameterized switch-off delay After a bus error — Once the parameterized switch-off delay has elapsed After a short circuit, cross circuit, — Immediately (only stop category 0) failure of the supply voltage, or hardware fault After time monitoring has been...

  • Page 43: Chapter 6: Connection Examples For Safe Outputs

    The following examples only describe the options for the electrical connection of controlled devices/actuators to the safe outputs. Should you have any questions regarding applications to be implemented, please contact the Emerson. The following are specified for each example: Basic specifications —...

  • Page 44: Notes On The Protective Circuit For External Relays/Contactors (Free Running Circuit)37

    User Manual Chapter 6 GFK-2731A Jan 2020 Errors (cross circuits, short circuits), which can be prevented by correct installation (e.g., protected cable installation, isolated cable installation, double insulation, use of ferrules) are not described in the following tables. Therefore, for example, only errors between outputs, which are on the same connector, are described.

  • Page 45: Measures Required To Achieve A Specific Safety Integrity Level

    User Manual Chapter 6 GFK-2731A Jan 2020 Important – Limit the voltage induced on circuit interruption to < -15 V (e.g., with RC elements, suppressor diodes or varistors). – Please note that the free running circuit affects the fall time and the service life of the contactor.
  • Page 46 User Manual Chapter 6 GFK-2731A Jan 2020 Cat. 2 Use proven and basic safety principles according to EN ISO — 13849-2. Use appropriately qualified actuators (see "Requirements — for controlled devices/actuators" on page 11). Please note that mechanical failure of the switching device —...

  • Page 47: Single-Channel Assignment Of Safe Outputs

    User Manual Chapter 6 GFK-2731A Jan 2020 Use appropriately qualified actuators (see "Requirements — for controlled devices/actuators" on page 11). Please note that mechanical failure of the switching device — can result in the loss of the safety function. Prevent the welding of contacts on the connected —...
  • Page 48 User Manual Chapter 6 GFK-2731A Jan 2020 K1 (R) and K2 (R) represent the positively driven N/C contacts for monitoring the state of the relay (readback contacts). Connect these contacts via safe digital inputs. Evaluate the readback and thus the state of the switching elements in the safety logic. WARNING Loss of safety function Connect the actuator ground directly to terminal point GND of the safety module.
  • Page 49 User Manual Chapter 6 GFK-2731A Jan 2020 Device diagnostics and behavior of the module in the event of an error Table 17 Single-channel: Test pulses enabled Error type Detection Diagnostics Loss of Remark Error in the actuator Despite being disabled, None Detect errors using external the actuator does not...
  • Page 50 User Manual Chapter 6 GFK-2731A Jan 2020 Error type Detection Diagnostics Loss of Remark module cannot be switched on again with an edge from "0" to "1" until the error has been removed and acknowledged. WARNING Unexpected machine startup An operator acknowledgment leads to a positive edge and can thus result in the outputs being...

  • Page 51: Two-Channel Assignment Of Safe Outputs

    User Manual Chapter 6 GFK-2731A Jan 2020 Two-channel assignment of safe outputs For two-channel assignment of the safe outputs, two adjacent outputs are always used. This assignment is fixed and cannot be parameterized (see "Two-channel" on page 32). Figure 15 Two-channel assignment of outputs K1 (R) and K2 (R) represent the positively driven N/C contacts for monitoring the state of the relay (readback contacts).
  • Page 52 User Manual Chapter 6 GFK-2731A Jan 2020 WARNING Loss of electrical and functional safety – To achieve the specified safety integrity level, please refer to "Measures required to achieve a specific safety integrity level" on page 38. – Please note that in order to achieve the specified PL, the actuator must have a medium level of diagnostic coverage (90% to 99%) and medium MTTFd.
  • Page 53 User Manual Chapter 6 GFK-2731A Jan 2020 Error type Detection Diagnostics Loss of SF Remark Ensure that this error does not result in delayed system startup. Other errors Please take into consideration (depending on the all possible errors that can actuator) occur in the actuator.
  • Page 54 User Manual Chapter 6 GFK-2731A Jan 2020 Error type Detection Diagnostics Loss of SF Remark WARNING Unexpected machine startup An operator acknowledgment leads to a positive edge and can thus result in the outputs being re- enabled. Typical parameterization Parameterization Parameterized as Remark Channel 1...

  • Page 55: Chapter 7: Startup And Validation

    User Manual Chapter 7 GFK-2731A Jan 2020 Chapter 7: Startup and validation Initial startup Parameterization and configuration must already have been carried out Table 19 Steps for parameterization and configuration (via VersaConf Safety) Step Relevant section and literature Parameterization and configuration must already have been carried out before commencing startup.
  • Page 56 User Manual Chapter 7 GFK-2731A Jan 2020 Step Relevant section and literature Once the operating voltage has been applied: – If possible, measure the wave form of the voltages to ensure that there are no deviations. – Measure the output voltages on the module, as well as the supply voltages, which supply the connected loads (e.g., motor) to ensure that they are in the...

  • Page 57: Restart After Replacing A Safety Module

    User Manual Chapter 7 GFK-2731A Jan 2020 Restart after replacing a safety module 7.2.1 Replacing a safety module WARNING Unintentional machine startup Do not assemble or remove the module while the power is connected. Before assembling or removing the module, disconnect the power to the module and the entire VersaPoint station and ensure that it cannot be switched on again.
  • Page 58 User Manual Chapter 7 GFK-2731A Jan 2020 Perform a function test and error simulation. Please follow the checklist "Validation on page 113 during validation. Startup and validation...

  • Page 59: Chapter 8: Errors: Messages And Removal

    "Acknowledgment" column in the tables below. Important If diagnostic codes are indicated by the system, which do not appear in the tables below, please contact Emerson. Error removal To remove the cause of an error, please proceed as described in the "Remedy"...
  • Page 60 User Manual Chapter 8 GFK-2731A Jan 2020 However, it is the code of the entire diagnostic register that is indicated. To obtain the diagnostic code specified in the documentation, logically AND the code of the diagnostic register indicated with the code 07FF Example: ANDing Diagnostic code indicated: 2290 the diagnostic...
  • Page 61 User Manual Chapter 8 GFK-2731A Jan 2020 Example: Table 23 Safe output errors Channels in the Error cause Diagnostic code (hex) diagnostic code Short circuit or overload 003n X030: OUT0_Ch1 X037: OUT0_Ch2 X031: OUT1_Ch1 X038: OUT1_Ch2 X032: OUT2_Ch1 X039: OUT2_Ch2 X033: OUT3_Ch1 X03A: OUT3_Ch2 Short circuit or overload...

  • Page 62: Safe Digital Output Errors

    User Manual Chapter 8 GFK-2731A Jan 2020 Important For information about acknowledging satellite errors, see "Acknowledgment of error messages for satellites" on page 97 Safe digital output errors Table 25 Safe output errors Error cause Diagnostic Remark Effect Remedy Acknowledgm code (hex) Hardware X01n...

  • Page 63: Supply Voltage Errors

    User Manual Chapter 8 GFK-2731A Jan 2020 Error cause Diagnostic Remark Effect Remedy Acknowledgm code (hex) Cross circuit at X0An Cross circuit Remove error Yes (1) the indicated with another module OUT: Power up output output or outputs with error- X0A7: OUT0_Ch2 with an are in the...

  • Page 64: General Errors

    User Manual Chapter 8 GFK-2731A Jan 2020 General errors Table 26 General errors Error cause Diagnostic Remark Effect Remedy Acknowle code (hex) dgment Device X1F2 Immediate Check and adapt: Yes (1) shutdown. temperature – Ambient Further conditions at critical Temperatur –...

  • Page 65: Connection Errors To Satellites

    User Manual Chapter 8 GFK-2731A Jan 2020 Table 28 Parameterization errors Diagnostic code Short description Remedy dec) X23n The parameterization of Correct value and resend 560: OUT0_Ch1&2 two related outputs does parameter data to the module. X230: OUT0_Ch1&2 561: OUT1_Ch1&2 X231: OUT1_Ch1&2 not correspond to the 562: OUT2_Ch1&2...
  • Page 66 User Manual Chapter 8 GFK-2731A Jan 2020 Error cause Remedy Acknowledgment Diagnosti Short c code description (hex) (hex) Communication X5nn One or more Check and adapt data Acknowledgment connection faulty safe status and copy required. communicati routines. (The OAR bit is set in the diagnostic register of connections the IC220SDL953;...

  • Page 67: Acknowledging An Error

    User Manual Chapter 8 GFK-2731A Jan 2020 OAR bit Diagnostic code bit 0 ... 4 Faulty connection to satellite ... X506 XD06 X507 XD07 X508 XD08 X509 XD09 X50A XD0A X50B XD0B X50C XD0C X50D XD0D X50E XD0E X50F XD0F Table 31 Diagnostic codes for faulty communication connection OAR bit Diagnostic code bit 0 ...
  • Page 68 User Manual Chapter 8 GFK-2731A Jan 2020 WARNING Acknowledgment may result in a hazardous system state With the exception of a few special cases, the acknowledgment of an error immediately returns the safe input or output to the operating state. Before acknowledging an error you must, therefore, make sure that the acknowledgment will not cause the machine to switch to a dangerous state.

  • Page 69: Chapter 9: Maintenance, Repair, Decommissioning, And Disposal

    Repair Repair work may not be carried out on the safety module. In the event of an error, send the module to Emerson. It is strictly prohibited to open the safety module. In order to prevent the manipulation of the module and to detect the unauthorized opening of the module, a security seal is applied to the module.

  • Page 70: Chapter 10: Technical Data And Ordering Data

    User Manual Chapter 10 GFK-2731A Jan 2020 Chapter 10: Technical data and ordering data 10.1 System data 10.1.1 VersaPoint For system data, please refer to the following user manual: VersaPoint Automation terminals of the VersaPoint product range GFK-2736 10.1.2 VersaSafe system VersaSafe system Shutdown time t 10 ms...
  • Page 71 User Manual Chapter 10 GFK-2731A Jan 2020 General data Storage/transport: 75% on average; 85% occasionally (no condensation) Important For a short period, slight condensation may appear on the outside of the housing. Air pressure Operation 80 kPa to 108 kPa (up to 2000 m above sea level) Storage/transport 66 kPa to 108 kPa (up to 3500 m above sea level) Degree of protection...

  • Page 72: Mechanical Requirements

    User Manual Chapter 10 GFK-2731A Jan 2020 10.2.2 Mechanical requirements Mechanical requirements Vibration according to IEC 60068-2-6 Operation: 2g, Criterion A Shock according to IEC 60068-2-27 15g over 11 ms, Criterion A 10.2.3 Safety characteristics according to IEC 61508/EN 61508 Safety characteristics according to IEC 61508/EN 61508 Achievable SIL SIL 2 (single-channel)

  • Page 73: Safety Characteristics According To En Iso 13849-1

    User Manual Chapter 10 GFK-2731A Jan 2020 10.2.5 Safety characteristics according to EN ISO 13849-1 Safety characteristics according to EN ISO 13849-1 Achievable performance level PL e (two-channel) PL d (single-channel) Depends on the parameterization and wiring (see "Connection options for actuators depending on the parameterization"...

  • Page 74: Safe Digital Outputs Out0 To Out3

    User Manual Chapter 10 GFK-2731A Jan 2020 Supply voltage U (actuators) Permissible voltage range 19.2 V DC to 30.0 V DC, ripple included Current consumption 30 mA, typical (all outputs set) (plus actuator current) Permissible interruption time 10 ms; Within this time, the output voltage for the safe outputs fails as the outputs are not internally buffered.
  • Page 75 User Manual Chapter 10 GFK-2731A Jan 2020 Safe digital outputs OUT0 to OUT3 WARNING Loss of safety function At this voltage, the load must not switch to or remain in the ON state. Please take this into consideration when selecting the actuator. WARNING Loss of safety function At this current, the load must not switch to or remain in the ON state.

  • Page 76: Electrical Isolation/Isolation Of The Voltage Areas

    User Manual Chapter 10 GFK-2731A Jan 2020 Safe digital outputs OUT0 to OUT3 Maximum switching frequency 1 Hz; 0.2 Hz at > 1 A Filter time None Switch-off delay for shutdown according to Can be parameterized; 150 ms to 630 s; see stop category 1 "Parameterization of the safe outputs"...

  • Page 77: Approvals

    User Manual Chapter 10 GFK-2731A Jan 2020 10.2.10 Approvals Approvals For the latest approvals, please visit https://www.emerson.com/Industrial-Automation- Controls/support. Technical data and ordering data...

  • Page 78: Conformance With Emc Directive

    User Manual Chapter 10 GFK-2731A Jan 2020 10.3 Conformance with EMC Directive 10.3.1 Conformance with EMC Directive 2004/108/EC Conformance with EMC Directive 2004/108/EC Noise immunity test according to DIN EN 61000-6-2. Electrostatic EN 61000-4-2 Criterion B discharge (ESD) (IEC 61000-4-2) 6 kV contact discharge, 8 kV air discharge Electromagnetic EN 61000-4-3...

  • Page 79: Ordering Data: Software

    Catalog No. Pcs. / Pkt. Parameterization and Parameterization configuration tool. and configuration tool Important The software can be downloaded free of charge from http://www.Emerson.com/Industrial-Automation-Controls. 10.4.4 Ordering data: Documentation Description Order designation Pcs. / Pkt. VersaPoint User manual Automation GFK-2736 terminals of the VersaPoint...

  • Page 80: Appendix A: Versasafe System

    VersaSafe technology from Emerson offers a cost-effective solution. The VersaSafe system works independently of the relevant network and the standard control system used.

  • Page 81: A-1.2 Overview Of Versasafe System Features

    User Manual Appendix A GFK-2731A Jan 2020 A-1.2 Overview of VersaSafe system features Network independent — Controller independent — No higher-level safety controller required — Up to five connections to satellites — All data, including parameterizations, is located on the standard controller —...
  • Page 82 User Manual Appendix A GFK-2731A Jan 2020 Functionality IC220SDL953 Mirroring of local safe output data Forwarding of safe outputs – IC220SDL543 – IC220SDL753 – IC220SDL752 – IC220SDL840 Permissible revision see Table 33 Multiplexer mode Support of partial configurations Table 33 Revision as of which a module is permitted for use on the logic module Order No.: Type Revision as of which a module is...

  • Page 83: System Topology

    User Manual Appendix A GFK-2731A Jan 2020 System topology A-2.1 General topology A VersaSafe system can be integrated into various bus systems including PROFINET, and PROFIBUS. The standard bus system is thus supplemented by components to achieve safety. Figure 17 Network independence Control level A standard controller is used (see also "Network and controller requirements"...
  • Page 84 User Manual Appendix A GFK-2731A Jan 2020 Satellite is the preferred term to describe these modules and is used in this document. The satellites and the IC220SDL953 are assigned to an island using island numbers that are specified in the parameterization tool. The satellites are numbered in the order they are assigned in VersaConf Safety.

  • Page 85: Versasafe Address Assignment

    User Manual Appendix A GFK-2731A Jan 2020 The devices are parameterized using the VersaConf Safety software according to the safety function that is to be performed. The parameterization and wiring of the inputs and outputs depends on the application (e.g., single-channel or two-channel). For more detailed information about the parameterization options, please refer to the user manual for the relevant device.
  • Page 86 User Manual Appendix A GFK-2731A Jan 2020 Example: Table 36 Example 1: VersaSafe addresses Island number VersaSafe address Satellite number IC220SDL953 IC220SDL543 Position 1 1 IC220SDL... Position 2 Table 37 Example 2: VersaSafe addresses Island number Satellite VersaSafe address number IC220SDL953 IC220SDL840 Position 1 16 IC220SDL543 Position 2 16...
  • Page 87 User Manual Appendix A GFK-2731A Jan 2020 Figure 18 Example addresses for VersaSafe islands 1 to 3 All the possible addresses for island numbers 1 to 3 are listed in Table A-6. The addresses actually used in the example in Figure A-2 are in bold.

  • Page 88: Operating Modes And Setting The Dip Switches In The Versasafe System

    User Manual Appendix A GFK-2731A Jan 2020 To differentiate between VersaSafe and VersaSafe multiplexer mode, in VersaSafe mode the address with "111" in the last three bits is not used. If an address with the format xxxxx111 is specified in VersaSafe mode, the module enters the safe state.

  • Page 89: A-4.2 Versasafe Multiplexer Mode

    User Manual Appendix A GFK-2731A Jan 2020 Table 40 Switch position of the satellites in VersaSafe and VersaSafe multiplexer mode Satellites DIP switches for address Mode Operating mode KBD/ 7 ... 3 2 ... 0 Island Satellite VersaSafe, number number 1 5 (Mode 2) parameterization by IC220SDL953...
  • Page 90 User Manual Appendix A GFK-2731A Jan 2020 Note: Not a safe application In order to ensure correct use, subsequent safety logic (an evaluation unit) is required. The IC220SDL953 parameterizes both the local safe I/O devices and the input module as follows: Table 41 Parameterization of all safe outputs of the IC220SDL953 Parameterization Parameterized as...

  • Page 91: Process Image

    User Manual Appendix A GFK-2731A Jan 2020 Example application Figure 19 Example VersaPoint NIU standard controller VersaPoint Modules VersaPoint terminals according to your requirements Process image A-5.1 Structure of the process image Designation Meaning Explanation Process image of inputs Process image of outputs SATx Satellite x (x = 1 ...
  • Page 92 User Manual Appendix A GFK-2731A Jan 2020 Designation Meaning Explanation Feedback-Data-PSDO Safe output data of the IC220SDL... read back On page 92 automatically Feedback-Data-LPSDO Safe output data of the IC220SDL953 read back On page 92 automatically Read/write parts for the standard controller (bold in PIO) Dev-Ack-LPSDO On page 90 Acknowledgment of device and...
  • Page 93 User Manual Appendix A GFK-2731A Jan 2020 Figure 20 I/O image and data flow in a system comprising 1 IC220SDL953 and 3 satellites VersaSafe system...

  • Page 94: A-5.2 Description Of The Registers

    User Manual Appendix A GFK-2731A Jan 2020 Figure 21 I/O image and data flow in multiplexer mode A-5.2 Description of the registers Important The register assignment for the IC220SDL953, IC220SDL543, and IC220SDL753 is illustrated below. As the registers are device-specific, the assignment for other modules may differ from the description.
  • Page 95 User Manual Appendix A GFK-2731A Jan 2020 Data-x The register contains the safe data of the specified satellite. The structure and function of the register are as (safe data of satellite x) follows Table 43 Data-x register IC220SDL543 _Ch2 _Ch1 _Ch2 _Ch1 _Ch2...
  • Page 96 User Manual Appendix A GFK-2731A Jan 2020 Dev-Diag-LPSDO The diagnostic register of the IC220SDL953 has the following (LPSDO structure and function: diagnostics) Table 46 Dev-Diag register of the IC220SDL953 10 ... COK SA PUR OAR Diagnostic code/address Table 47 Meaning Function Communication IC220SDL953 is not parameterized or at least one of...
  • Page 97 User Manual Appendix A GFK-2731A Jan 2020 Meaning Function Operator acknowledge No request for acknowledgment. requested The IC220SDL953 requests an acknowledgment by the user. Previously: VersaSafe communication detected an acknowledgeable error resulting in communication being deactivated. Bits Diagnostic Bit 14 = 0: code/address The error message of the IC220SDL953 is displayed in bits 10 ...
  • Page 98 User Manual Appendix A GFK-2731A Jan 2020 Table 49 Meaning Function Operator 0 -> 1: acknowledge Acknowledgment of error message regarding failsafe communication (see also OAR bit in Dev-Diag register). Start LPSDO 0 -> 1: Start of the project saved on the IC220SDL953. 5 ...
  • Page 99 User Manual Appendix A GFK-2731A Jan 2020 App-Ack-LPSDO The bits in this register can be freely programmed in VersaConf Safety and can be used for the safety logic. Implement diagnostics (application using these bits. acknowledgment for IC220SDL953) The IC220SDL953 register has the following structure and function: Table 51 IC220SDL953 App-Ack-LPSDO register .

  • Page 100: Implementation Of Data Flow Between The Standard Controller And The Safety Modules

    A-6.1 Implementation of data flow with a function block A copy function block (COPY FB) to safeguard data flow between the VersaSafe modules is available from Emerson for certain systems. A-6.2 Implementation of data flow without a function block If a function block (COPY FB) is not available for your controller, you must implement data flow within the VersaSafe system yourself.

  • Page 101: Enable Principle

    User Manual Appendix A GFK-2731A Jan 2020 The VersaSafe components are represented in the process image of the higher-level con- troller with a special I/O structure. The structure is mapped in the corresponding device de- scription. The components illustrated in Figure 21 on page 87 must be copied according to the arrows for the data flow required between the VersaSafe components.

  • Page 102: Diagnostics

    User Manual Appendix A GFK-2731A Jan 2020 Safety logic Safe function block & Standard function block for ANDing Signal from the IC220SDL543 safe input module Data-LPSDO. Standard data of the standard control system, which is to enable the IC220SDL953; bit x OUTx_Chy Output x, channel y Internal sequences...

  • Page 103: A-8.2 Detection Of Device Errors

    User Manual Appendix A GFK-2731A Jan 2020 Important For more detailed information about error detection at safe inputs, please refer to the user manual for the IC220SDL543. Safe outputs Depending on the device type and parameterization, the following errors can be detected at safe outputs: Short circuit —...

  • Page 104: A-8.3 Acknowledgment Of Error Messages For Satellites

    User Manual Appendix A GFK-2731A Jan 2020 A-8.3 Acknowledgment of error messages for satellites Errors that occur on satellites are acknowledged by the standard controller in the Dev-Ack- LPSDO register on the IC220SDL953 (see "Description of the registers” on page 87). The acknowledgment is forwarded to the satellites.

  • Page 105: A-9.2 Downloading The Configuration And Parameter Data Record Following Power Up

    User Manual Appendix A GFK-2731A Jan 2020 On every power up, make this data record available to the IC220SDL953 island node (see "Downloading the configuration and parameter data record following power up" on page 98). The IC220SDL953 module is thus parameterized. The satellites are parameterized automatically by the IC220SDL953 module.

  • Page 106: Safe State

    User Manual Appendix A GFK-2731A Jan 2020 Important Make sure that you are sending the correct data record to the correct IC220SDL953. If a data record is sent to a IC220SDL953 for which it was not intended, an error message is displayed in the diagnostic register of the IC220SDL953.

  • Page 107: A-11.1 Typical Response Time

    User Manual Appendix A GFK-2731A Jan 2020 A-11.1 Typical response time The typical response time of the VersaSafe system is the time that elapses from the signal being applied at the safe input terminal through to the response at the safe output terminal. This time can usually only be achieved and measured during error-free operation of the VersaSafe system.
  • Page 108 User Manual Appendix A GFK-2731A Jan 2020 Figure 24 Overview of shutdown times This results in the following formula for t FWD_IN OUT_LPSDO STOP Table 58 Key for formula and Figure A-8 Abbreviation Meaning Note Demand of the safety function Safe state of the system Required shutdown time for the Determined from the application, e.g., from...

  • Page 109: Achievable Safety Depending On The Modules Used

    User Manual Appendix A GFK-2731A Jan 2020 The F-Watchdog time (t ) is specified for each communication relationship in VersaConf Safety. The minimum achievable t depends on the network and the controller (see documentation for the controller used). Important When specifying the F-Watchdog time, please remember that it can be affected by future system expansions.

  • Page 110: Behavior In The Event Of An Error

    User Manual Appendix A GFK-2731A Jan 2020 A-13 Behavior in the event of an error Error messages Errors that occur on the safe devices can be detected using process data, function blocks, and device LEDs. These error messages can be evaluated in the standard application program or can be displayed by means of a visualization.

  • Page 111: A-13.1 Critical System Or Device Errors

    User Manual Appendix A GFK-2731A Jan 2020 A-13.1 Critical system or device errors All errors that are detected and immediately switch the device to the failure state are assigned to this class. They include: Hardware faults (detected by selftests within devices) —...

  • Page 112: A-13.4 I/O Errors

    User Manual Appendix A GFK-2731A Jan 2020 A-13.4 I/O errors All errors that can occur and are detected within the I/O devices connected to the safe I/O devices are assigned to this class. For example, these include: Short/cross circuits at the inputs or outputs —...

  • Page 113: Memory Sizes For The Safety Logic

    User Manual Appendix A GFK-2731A Jan 2020 A-15 Memory sizes for the safety logic The maximum size of the safety logic is 20 kB. The following guide values can be used as a basis for creating your safety logic: Size of the first instance of each block: 800 bytes —...

  • Page 114: Appendix B: Checklists

    User Manual Appendix B GFK-2731A Jan 2020 Appendix B: Checklists The checklists listed in this section provide support during the planning, assembly and electrical installation, startup, parameterization, and validation of the IC220SDL953 module. Important For instructions on how to proceed in the event of an error, please refer to "Parameterization errors"...

  • Page 115: Checklists For The Versasafe System

    User Manual Appendix B GFK-2731A Jan 2020 Checklists for the VersaSafe system B-1.1 Planning Checklist for planning the use of the VersaSafe system Equipment identification Date Author Test engineer Remark Requirement (mandatory) Remark Has a hazard and risk analysis been carried out for the system/machine? SIL, SIL CL, Has the corresponding safety integrity level (...
  • Page 116 User Manual Appendix B GFK-2731A Jan 2020 Checklist for planning the use of the VersaSafe system When planning the safety functions, has the VersaConf Safety software tool been used to determine whether the memory space is sufficient for the size of the safety logic? Has it been ensured that any person intentionally starting hazardous movements has a direct view of the danger zone?

  • Page 117: B-1.2 Configuration And Parameterization

    User Manual Appendix B GFK-2731A Jan 2020 B-1.2 Configuration and parameterization Checklist for configuration and parameterization of the VersaSafe system Equipment identification Date Author Test engineer Remark No. Requirement (mandatory) Remark Has the safety logic been configured? Have all inputs and outputs been fully and correctly parameterized? Are standard input signals exclusively used to configure standard operations (e.g., for the enable principle using the...

  • Page 118: B-1.3 Startup

    User Manual Appendix B GFK-2731A Jan 2020 Checklist for configuration and parameterization of the VersaSafe system No. Requirement (optional) Yes No Remark Date Signature (author) Date Signature (test engineer) B-1.3 Startup Checklist for startup of the VersaSafe system Equipment identification Date Author Test engineer...

  • Page 119: B-1.4 Safety Functions

    User Manual Appendix B GFK-2731A Jan 2020 B-1.4 Safety functions Enter all the safety functions for your application in this checklist Checklist for checking safety functions Equipment identification Date Author Test engineer Remark No. Safety functions Remark Date Signature (author) Date Signature (test engineer) Checklists...

  • Page 120: B-1.5 Validation

    User Manual Appendix B GFK-2731A Jan 2020 B-1.5 Validation Checklist for validating the VersaSafe system Equipment identification Date Author Test engineer Remark Requirement (mandatory) Remark Have the mandatory requirements for planning been met? If applicable, have the mandatory requirements for startup been met? Has validation of the safe devices used been carried out and are the results available?

  • Page 121: Checklists For The Ic220Sdl953 Module

    User Manual Appendix B GFK-2731A Jan 2020 Checklists for the IC220SDL953 module B-2.1 Planning Checklist for planning the use of the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Has the current module user manual been used as the basis Revision: for planning? Does the planned use correspond to the intended use?
  • Page 122 User Manual Appendix B GFK-2731A Jan 2020 Checklist for planning the use of the safety module Has the switch-off delay for stop category 1 been observed in the calculation of the total response time for the machine/system? No. Requirement (optional) Yes No Remark Have specifications for assembly and electrical installation been defined (e.g., EPLAN) and communicated to the...
  • Page 123 User Manual Appendix B GFK-2731A Jan 2020 B-2.2 Assembly and electrical installation Checklist for assembly and electrical installation of the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Was assembly and installation completed according to the specifications (specifications from the planning phase or according to the user manual)? Was the safety module installed in the control cabinet...
  • Page 124 User Manual Appendix B GFK-2731A Jan 2020 B-2.3 Startup Checklist for startup of the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark Requirement (mandatory) Remark Was startup completed according to the specifications (specifications from the planning phase or according to the user manual)? During startup, is it ensured that any person starting hazardous movements intentionally can only do so with a...
  • Page 125 User Manual Appendix B GFK-2731A Jan 2020 B-2.4 Validation Checklist for validating the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark Requirement (mandatory) Remark Have all the mandatory requirements for the "Planning" checklist been met? Have all the mandatory requirements for the "Assembly and electrical installation"...
  • Page 126 User Manual Appendix B GFK-2731A Jan 2020 Checklist for validating the safety module Has it been ensured that any person intentionally starting hazardous movements has a direct view of the danger zone? Date Signature (author) Date Signature (test engineer) Checklists...
  • Page 127 Note: If the product is purchased through an Authorized Channel Partner, please contact the seller directly for any support. Emerson reserves the right to modify or improve the designs or specifications of the products mentioned in this manual at any time without notice.