Safe drive functions have made their mark on standards, products and applications. They are part of the functional safety plant and machinery. With the help of safe drive functions, the motor is braked safely with a defined ramp when a safety gate is opened and then remains at standstill under active control. In jog mode, the motor can then be moved at safely reduced number of cycles and with safely monitored movements. With drive-integrated safety technology, fast, safe drive buses, powerful programmable safety systems and safe camera systems, products are available for high-end safety solutions.
The standard IEC 61800-5-2 divides safety functions into stop functions and miscellaneous safety functions. Several components and their respective interfaces must be considered in order to implement the safety functions. The whole safety chain must always be considered when calculating the required safety integrity.
Drive-integrated safety: One objective of safety technology has always been to prevent potentially hazardous movements. For technical and economic reasons, the drive electronics – servo amplifier and frequency converter – have remained a non-safety-related component within automation. So safety is implemented through additional safe components, which bring the drive to a de-energized, safe condition in the event or a fault, or safely monitor the movement of the connected motor. The current market trend is to integrate these safe components into the drive.
The drive-integrated solution for the stop functions reduces the space requirement in the controls cabinet and also the amount of wiring required. Even additional components to monitor standstill or speed are now surplus to requirements. Servo amplifiers with integrated safety functions in accordance with DIN EN 61800-5-2 are now available, providing much simpler solution, even for complex safety requirements. An overview of frequently used drive-integrated safety functions is given below.
Safe stop functions: In terms of safety axes, the most important factors are to prevent unexpected start-up and to shut down moving axes safely in the event of danger. The corresponding functions are summarized under safe stop functions.
Safe torque off (STO): A safe solution based on servo amplifiers with an integrated safe shutdown path is available to prevent axes from starting up unintentionally.
Safe stop 1 (SS1): In many applications, drives cannot simply be shut down because they would run down slowly and thus cause a hazard. In general, an uncontrolled run down such as this can also take considerably longer than braking of an axis. With the safe stop 1 function, the servo amplifier is monitored directly. Once the set braking ramp has run its course, the drive is shut down safely. The reaction times are reduced and in many cases the safety distances to the danger points can also be reduced.
Safe stop 2 (SS2): In addition to the safe stop 1 function, with this function there is no need to shut down drives in a stop condition. Once the braking ramo is complete, the drive switched to a safe operating stop and monitors the current position within a tolerance window. The drive can build up the necessary torque to hold the axis in position.
This way the synchronization between axes, and with the process, is no longer lost. As a result, it is possible to restart the axes immediately at any time, which increases plant availability considerably. The drive-integrated function shortens the reaction times and reduces the risks.
Safe motion functions: Modern drive solutions examine how axes are switched on and off and also look at the potential risks that may arise as the axes are operating. These functions are summarised here under safe motion functions.
Safe operating stop (SOS): The operating stop is part of the safe stop 2 functions. When this function is activated, the current axis position is monitored to ensure that it does not leave the corresponding tolerance window. This function is generally applied to the standstill phases in a process.
Safety limited speed (SLS): Without drive-integrated safety functions, the implementation of this function was associated with the high material costs or functional restrictions. Where axes are moved in jog mode during setup, the potential speed of the axis in the event of a fault is a key aspect of any risk analysis. Safety limited speed monitors the drive to check that a defined maximum speed is not exceeded. This reduces the risks to operators significantly because axis overspeed is quickly detected, resulting in a safe shutdown.
Safe Speed range (SSR): The risks cannot be eliminated in every case merely by restricting higher speeds. If axes are operating at a defined distance without a mechanical coupling, reducing the speed on just one of the two axes may create a risk of crushing. The safe range function enables a minimum speed to be monitored, which would shut down both axes in such a case.
Safe direction (SDI): This function guarantees that a drive can only move in the specific direction. Where a danger zone is accessed using jog mode functions, the safe direction function is a prerequisite for safe operation. If the axis were not to keep to the specified direction of rotation, the operator could be exposed to risk in some circumstances. This function detects the change of direction and triggers an immediate shutdown of the axis.
The third group of safe drive functions summarizes the functions surrounding holding brakes and service brakes.
Safe brake control (SBC): Holding brakes and service brakes are often used on axes with suspended loads. Along with mechanical part of the brake, the brake drive is another key component in terms of the safety function. The safe brake control function is generally used to control the holding brake that is activated once the axis is at standstill.
Safe brake test (SBT): Using the safe brake test function can significantly increase safety. It is not enough simply to control a holding brake safely. If the wearing, mechanical part of the brake is not maintained regularly, it cannot be guaranteed that the holding brake will apply the designated braking action in the event of danger. The safe brake test function provides an automatic test, replacing previous measures which could be only implemented manually. If the result is negative, the plant can be stopped and a fault is signalled. As a result, maintenance work can be considerably reduced.
Servo amplifier with integrated safety: The implementation of safety functions for one or more drive axes prevents uncontrollable movements and guarantees the safety of personnel during operation, setup, format change or maintenance. In this way, safe motion opens up new possibilities for co-operation between man and machine. For example, machines can be set up at safely reduced speed. That means shorter setup times and higher machine availability.
In the servo amplifier PMCprotego DS, from Pilz Australia , motion is monitored precisely where it arises. This means that reaction times are reduced considerably, which is a key factor for safety on highly dynamic axes. At the same time, fewer additional external safety components are required, so costs are also reduced.