SAFE drive functions are part of the today’s functional safety plant and machinery and are increasingly gaining ground in the market.
When you examine the application of the safety principle within classic safety functions, initiation of the safety function causes the outputs to shut down, and this is described as a “safe condition”.
With the help of safe drive functions, the motor is braked safely with a defined ramp when a safety gate is opened and then remains at standstill under active control. In jog mode the motor can then be moved safely.
With drive-integrated safety technology, fast, safe drive buses, powerful programmable safety systems and safe camera systems, products are available for high-end safety solutions.
Safety requirements of VSDs
The standard IEC 61800-5-2 divides safety functions into stop functions and miscellaneous safety functions. The description is very rudimentary and allows a great deal of freedom in how it is implemented and interpreted.
This is particularly evident with the stop functions, which are among the most complex of safety functions. The implementation method can vary greatly, but so too can the external behaviour of the safety functions.
When the safety functions are operated in practice, subsequent effects can be attributed to the poor quality of the sensor signals or to the actual behaviour of an electrical drive in general.
Poorly tuned control loops and EMC are frequently the cause of restricted availability of safe drive axes.
To guarantee the security of the manufacturing and production process as well as the safety of personnel, safety functions may also be permanently active – without the plant having to be in a special operating mode.
Several components and their respective interfaces must be considered in order to implement the safety functions. The whole safety chain must always be considered when calculating the required safety integrity.
Drive-integrated safety
One objective of safety technology has always been to prevent potentially hazardous movements. Nothing then is more obvious than to dovetail safety technology with motion generation.
For technical and economic reasons, the drive electronics – servo amplifier and frequency converter – have remained a non-safety-related component within automation.
So safety is implemented through additional safe components, which bring the drive to a de-energised, safe condition in the event of a fault, or safely monitor the movement of the connected motor. The current market trend is to integrate these safe components into the drive reducing the space requirement in the controls cabinet and the amount of wiring required, as additional external components required in the past, such as contactors, are now superfluous.
Servo amplifiers with integrated safety functions in accordance with DIN EN 61800-5-2 are now available, providing much simpler solution, even for complex safety requirements.
An overview of frequently used drive-integrated safety functions follows:
q Safe stop functions – In terms of safety axes, the most important factors are to prevent unexpected start-up and to shut down moving axes safely in the event of danger. The corresponding functions are summarised under safe stop functions.
q Safe torque off (STO) – A safe solution based on servo amplifiers with an integrated safe shutdown path is available to prevent axes from starting up unintentionally.
q Safe Stop 1 (SS1) – In many applications, drives cannot simply be shut down because they would run down slowly and thus cause a hazard. In general, an uncontrolled run down such as this can also take considerably longer than braking of an axis. Lastly, with the SS1 function, the servo amplifier is monitored directly. Once the set braking ramp has run its course, the drive is shut down safely.
q Safe stop 2 (SS2) – In addition to the SS1 function, with this function there is no need to shut down drives in a stop condition. Once the braking ramo is complete, the drive switched to a safe operating stop and monitors the current position within a tolerance window. The drive can build up the necessary torque to hold the axis in position. This way the synchronisation between axes, and with the process, is no longer lost.
q Safe motion functions – Modern drive solutions not only examine how axes are switched on and off, but also look at the potential risks that may arise as the axes are operating. These functions are summarized here under safe motion functions.
q Safe operating stop (SOS) – The operating stop is part of the SS2 functions. When this function is activated, the current axis position is monitored to ensure that it does not leave the corresponding tolerance window.
q Safely limited speed (SLS) – Safely limited speed monitors the drive to check that a defined maximum speed is not exceeded. This reduces the risks to operators significantly because axis is over-speed is quickly detected, resulting in a safe shutdown.
q Safe Speed range (SSR) – The risks cannot be eliminated in every case merely by restricting higher speeds. If axes are operating at a defined distance without a mechanical coupling, reducing the speed on just one of the two axes may create a risk of crushing. The safe range function enables a minimum speed to be monitored, which would shut down both axes in such a case.
q Safe direction (SDI) – This function guarantees that a drive can only move in the specific direction. Where a danger zone is accessed using jog mode functions, the safe direction function is a prerequisite for safe operation.
q Safe brake functions – The third group of safe drive functions summarises the functions surrounding holding brakes and service brakes.
q Safe brake control (SBC) – The safe brake control function is generally used to control the holding brake that is activated once the axis is at standstill.
q Safe brake test (SBT) – The safe brake test function provides an automatic test, replacing previous measures which could be only implemented manually. If the result is negative, the plant can be stopped and a fault is signalled.
q Servo amplifier with integrated safety – The implementation of safety functions for one or more drive axes prevents uncontrollable movements.
The Pilz servo amplifier PMCprotego DS, motion is monitored precisely where it arises. This means reaction times are reduced considerably.