EN / FSO-11 safety functions module user's manual
Contents
1. Planning for installation 61 Note Calculation software can be used to assist in selecting the appropriate architecture that will meet the safety integrity requirements for a particular application Power supply connection cables The system must be protected against over voltage and over current The length of the cabling between the FSO 11 and its power supply must be three meters or shorter or a sufficiently low interference level must be otherwise guaranteed Note The 24 V DC power supply should be equipped with a supply disconnecting device to enable the easy start up of the FSO 11 Ensuring the EMC compatibility The system must only be used in the EMC environment it is designed for or necessary mitigations must be applied Selecting control cables For the control cables to on field devices it is recommended that shielded cabling is used Double shielded cable is the best alternative for low voltage digital signals but single shielded twisted multipair cable is also usable See Control connection data on page 151 and chapter Planning the electrical installation in the drive Hardware manual Routing the cables See chapter Planning the electrical installation in the drive Hardware manual Follow especially the rules below When using redundant signaling take care to avoid common cause failures in the cables This can be done by routing the two channels through two well apart routes or by protecting the2. T 20 3 Safety information and considerations Contents of this chapter gr eR hoe CRI dm Rc eR Ce Roh ad 21 Meeting the requirements of the Machinery Directive o oo ooooooocoooo o 21 RESDONSIDIIMES P 21 Safety consideralos uua scie dw hee EOS Re AR e eS ee dG ORS dit OR SOR C o A 22 Respons UMES ue pad grece dien iode Dod ei eee Suid e drin in dide 22 POO dagno SUCS marca dos e ook db ade dae diee dol dum qm dp d dabo dira dies e eS 22 A ee 23 Safety function acknowledgement modes o o oooccooo ees 23 Erncoderless MOS usas i doe do OI ERROR ah ee ai doe dU ae C CR LR o we i d 24 we eE riuris rr 24 Char eiei d ecos errada aras ea 25 ja aeee e E EEE Bee AP Ud See hera 25 Safely SeDSFB OT sto 923 30 o quid irebe de diia a da db ea 25 4 Overview Contents or this chapler cese tre RR dS Rea Ph EORR LH Ren uo iva i DAP ACIE d 27 6 Table of contents System descripto P 28 FSO 11 and safety system components anaana aaaea eee eee 28 A II 29 Hao AT TI E 30 Type designation label oo oooooooonnoone rs 30 Operational characteristics o o o ooooooooorr ees 31 5 Implemented safety functions Contents of Iis chapter iua saa te IEEE GREG EG Ode XA E NOE Cee AEE ee See E 33 SISI CIONS RP 33 GERO nn Sele has E el e ecm ede ch es E E e a S 34 Acknowledgement vico ne koe RR AR n ae E Y
3. 60 Planning for installation WARNING Operating the drive system with a safety module in environmental L Y conditions that are outside of the specified ranges for the safety module may result in losing the safety function Electrical installation General requirements Electrical installation of the safety system must be performed according to the practices outlined in chapter Planning the electrical installation in the drive Hardware manual Reading chapter Installation checklists on page 71 provides additional advice for the planning All wiring must be well protected routed and clamped where practicable When installing cabling it must be assured that there is no pulling or pinching on the cables Connections Inputs and outputs To design the safety system architecture and select components to be used it is essential to read and understand the different architecture options for example single channel redundancy Single inputs can be connected to any connection X113 1 4 or X114 1 4 and they can use either one of the test pulses X113 10 and X114 10 Redundant inputs must be connected so that one input is connected to X113 n and uses test pulse X113 10 and the other is connected to X114 n and uses test pulse X114 10 n 1 4 the same for both inputs 24 V TP2 X114 10 Test pulse 1 TP1 X113 10 Test pulse 2 Lt DI1 X113 n n7 1 4 Digital input 1 j DI2 X114 n n7 1 4 Digital input 2 OV
4. aaea 96 Congo VO P r rrrrr 98 How to contgure VO 4 2 3 03 4 wd smere Dd et 98 eo nego o mC eoee rr 103 HOW to coniigure STO suu acc doe oec eod a o Re Ro He CR 19 REOR EO XR Rc dos 103 COMMUN SES CITIES 105 How to configure SBC after STO l l rn 105 How to configure SBC before STO o o oooocooococooc lees 107 ess AA oo an eek teed eo Set he ek Sd ae Ged dh we ae Des on 109 How to configure SS1 with time monitoring llle 109 How to configure SS1 with ramp monitoring llle 111 How to configure SS1 with speed limit activated SBC 113 Genegpehe caM Fc O rvT mm 115 How t6 COMIQUIS SSE 325 reee Oe We de iri URP AA od FE eee ee dd 115 How to configure SSE with time monitoring 0 ccc oo 117 How to configure SSE with ramp monitoring llle 119 How to configure SSE with speed limit activated SBC LLL 121 COMMOUPIAG SA Orr 123 How to coblligUre SAT uui acti i a EROR ee oe Oe ead AAA P PORC RR REOR CIR ER 123 COMMUNI SES T 124 How to configure SLSn with time monitoring llle 124 How to configure SLSn with ramp monitoring 0000 cee ees 127 COMMUTING SMS St cg sence d males on nh des ad A ad dee em ae Ne EA 130 How to configure SMS 393 x ant i
5. Doxn4z Smgdeoupuxtd V DO XTA Configuration 79 No Name Value Description 24 SSE time to zero Time in which the acknowledgement is allowed after speed with STO the SSE when the SSE activates the STO parameter ms 27 SSE function Immediate STO DI X113 1 Single input X113 1 DI X113 2 Single input X113 2 26 SSE input B Digital input connected to the SSE secondary input Secondary input is mostly used for the cascade connection See parameters 188 Cascade A and 189 Cascade B DI X113 3 Single input X113 3 T7 DI X113 1 amp X114 1 Redundant input X113 1 amp X114 1 DI X113 2 amp X114 2 Redundant input X113 2 amp X114 2 DI X113 4 amp X114 4 Redundant input X113 4 amp X114 4 7 27 SSE function Function activated by the SSE Immediate Immediate STO SSE activates the STO immediately Emergency ramp SSE activates the SS1 with emergency ramp 28 SSE monitoring Method used for the SSE monitoring method a alal ol amp lolmi alal alaluln o y D a Nilo rdi gt E o PE 3 SE Ss Ra O MH 80 Configuration No Name Value Description Default sel value Ramp Rampmonitorng Obo 29 SSE delay for STO Time delay after which the STO is executed if time monitoring used See parameter 28 SSE monitoring method omsoom me Noe Nooipucometd O Doxss Smdeouuxma8 CN DoXH48 SmdeoupuXm48 CO Doxmas Smdeoupuxr48 bP 31 SSE completed Digita
6. period 59000 ms pulse on off On DO X113 0 logic state Active low Safety relay 1 output DO X113 84 amp X114 8 DI X114 1 diag Safety relay 1 pulse on off On T esie diis id DI X114 2 diag DI X113 4 X114 2 pulse on off On i X114 3 DI X114 3 diag Safety relay 2 e pulse on off On output None HAA DIX114 4 diag Safety relay 2 state Active low pulse on off On feedback None DO XTT4 8 diag l pulse on off On YNAACUVZ DO X114 7 diag pulse on off On DO X114 8 logic DO X114 9 logic ne e dd state Active high DO X114 9 diag DI diagnostic pulse period 30000 ms pulse on off Off X113 10 X114 10 TP Diagnostic test pulses Note The safety relay inputs and outputs must be configured so that in the safe state the circuit is disconnected 0 V 100 Configuration Inputs Set the length and period of the diagnostic pulse for the digital inputs Select for each input whether the diagnostic pulse is on or off No Name Value Description Example value 00 Safety Safety parameters NERED pulse length mst 191 DI diagnostic Cycle time of the diagnostic pulse falling edge for digital 30 000 ms pulse period inputs time between diagnostic pulse falling edges 192 DI X113 1 diag Diagnostic pulse of digital input X113 1 on or off On pulse on off on Biagnostio pulse on 193 DIX113 2 diag Diagnostic pulse of digital inpu
7. Safety related parts of control systems Part 1 General principles for design EN ISO 13849 1 has replaced EN 954 1 1996 in November 2009 2006 42 EC European Machinery Directive Introduction to the manual 17 SEM Name Sector specific C type standards Definitions Safety related definitions according to EN ISO 13849 1 2008 EN 62061 2005 and EN 61800 5 2 2007 are presented in the table below Term Definition UJi v PP pe EE an event when the FSO 11 is in use See section Acknowledgement on page 34 See also term Reset on page 17 Common cause failure Failure which is the result of one or more events causing CCF coincident failures of two or more separate channels in a multiple channel redundant architecture subsystem leading to failure of a Safety related electronic control function SRCF Functional safety Part of the safety of the machine and the machine control system which depends on the correct functioning of the SRECS other technology safety related systems and external risk reduction facilities Hazard Potential source of harm physical injury or damage to health or equipment Power drive systems Adjustable speed electrical power drive system suitable for use in Safety related safety related applications PDS SR Proof test Test that can detect faults and degradation in a Safety related electronic control system SRECS and its subsystems so that if necessary the SRECS and i
8. 00594987 xls B Degrees of protection Degree of protection IP20 00594987 xls B Size and weight Length 00594987 xls B Cooling Cooling method Dry clean air natural convection 00594987 xls B Technical data 153 Speed estimation Speed range Allowed range depends on the used motor Maximum range 18000 18000 rpm number of motor pole pairs Accuracy Static situation With nominal speed and torque 30 rpm Dynamic situation Depends on the torque For example without torque the tripping limit is higher than the SLS trip limit parameter defines Ambient conditions Operation Storage Transportation installed for in the protective in the protective stationary use package package Altitude 0 1000 m 0 3300 ft above sea level no derating required 1000 2000 m 3300 6600 ft above sea level air outside the module derated to 15 49 C 5 120 F 2000 4000 m 6600 13200 ft above sea level air outside the module derated to 15 40 C 5 104 F Air temperature 215 455 C 40 70 C 40 70 C 5 131 F 40 158 F 40 158 F 70 C 158 F inside the module Relative humidity 5 95 5 95 5 95 no condensation no condensation no condensation allowed allowed allowed 00594987 xls B 154 Technical data Safety functionality Stopping functions STO Safe torque off SBC Safe brake control SS1 Safe sp
9. None output SSE SS1 SBC speed Zero speed No Name Value Description Example value 00 Safety Safety parameters WI 15 SSE SS1 SBC Absolute speed below which the brake is activated while 180 0 rpm speed ramping If the value is 0 0 rpm this feature is not in use 35 SS1 input A Digital input connected to the SS1 primary input DI X113 1 amp X114 1 DI X113 1 amp Redundant input X113 1 amp X114 1 1 X114 1 36 SS1 input B Digital input connected to the SS1 secondary input Secondary input is mostly used for the cascade connection None No input connected 37 SS1 monitoring Method used for the SS1 monitoring method Ramp Ramp monitoring 39 SS7 output Digital output indicating activity of the SS1 DO X114 9 DO X114 9 Single output X114 9 9 114 Configuration Example No Name Value Description value 40 SS1 completed Digital output indicating completion of the SS1 Active None output when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Configuration 115 Configuring SSE How to configure SSE To configure the SSE set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SSE function see page 50 Example The figure below and the Example value column in the table show an example of a simple SSE set up redundant emergency button connected to input
10. minimum down time It must be removed before the acknowledgement is accepted 3b If the drive has not ramped down fast enough when the delay for STO A has elapsed the STO is activated now and the time to zero speed B is started After the acknowledgement manual or automatic the STO and SS1 are deactivated 4b If the drive had not ramped down fast enough at 3b acknowledgement would become allowed now Implemented safety functions 47 Note Logic states of the STO state indication SS1 state indication and SS1 completed indication signals output are configurable Note SS1 monitoring is started immediately after the SS1 request is received For configuration see section How to configure SS1 with time monitoring on page 109 in chapter Configuration 48 Implemented safety functions SS1 with ramp monitoring Motor ds STO time to zero speed C und r SS1 request Inactive PAE STO state STO state indication SS1 state indication 4 SS1 completed indication LEL NENNEN Time to zero speed Time from the STO activation to the moment when the acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed Relevant only if 2b occurs Bo Zero speed Speed limit for activating the STO C SS1 request removal allowed shaded area The SS1 request can be removed after a minimum down time It must be
11. 900000 00mm amp ped 00 30000pm Se OOOO O O 73 SLS3 trip limit SLS3 negative speed limit tripping the drive 650 0 rpm negative 3000000 pm Speed 74 SLS3 trip limit SLS3 positive speed limit tripping the drive 650 0 rpm positive 00 39x00mm Se 0000 09 gm poes Seed SSS 77 SLS4 reer limit SLS4 negative speed limit tripping the drive mE 0 rpm negative 3000000 pm Sed 78 SLSA trip limit SLS4 positive speed limit tripping the drive 1050 0 rpm positive 00300m Speed Configuration 85 No Name Value Description Default sel value C 39900 00 m Sped 00 39p00mm Sped 81 SLS activation Method of SLS activation monitoring Ramp monitoring method Ramp Ramp monitoring C 82 SLS time delay Delay for starting speed monitoring when time 4000 ms monitoring is used See parameter 81 SLS activation monitoring method 000 000 m8 me None noouputcomnecea O DOXi38 SmeowuxmaS b DO X114 7 Single output X114 7 DO X114 8 Single output X114 8 EN DO X114 9 Single output X114 9 9 84 SLS1 output B Digital output connected to the SLS1 secondary output Secondary output is mostly used for cascade connection See parameters 188 Cascade A and 189 Cascade B Noe No output connected O DoXxiss Smdeoumuxia8 b DOXH48 SndeouuXi4B CN Doxi4S Smdeoupuxi48 p Noe Nooiptcmmetd O 86 Configuration No Name Value Desc
12. A LENSES Safety PLC system master Safe stopping Gate opening switch Safety function requests Prevention of unexpected start up Key switch Emergency stop Stop button Channel separation The FSO 11 safety functions module is an option for ACS880 drives Safe torque off STO is a standard feature on ACS880 drives The FSO 11 does not operate the drive it only monitors the actions of the drive and commands safety functions to be executed The request for safety functions can come from an external safety system for example a push button safety PLC or from the FSO 11 internal fault If the drive does not fulfill the commands of the FSO 11 the FSO 11 will shut down the drive using the Safe torque off STO function Safety functions supported by the FSO 11 are presented in chapter mplemented safety functions on page 33 Overview 29 Layout O STATUS FAULT O STO No Description 24 V DC input connection Safe torque off STO connection 4 Mounting for drives with ZCU 11 control unit shown Two mounting points on each side 4b The screw fixed at 4b also grounds the enclosure of the FSO 11 Mounting points for drives with other control units may vary FSO 11 grounding screw grounds the electronics ES FSO 11 status LEDs see section Status LEDs on page 143 7 Input output status LEDs one for each I O connector see
13. Redundant cascade X113 3 amp X114 3 gt X113 9 amp X114 9 90 Configuration No Name Value Description Default sel value Xi33 XH39 Single cascade x133 gt XMG e X42 XW48 SmgecasadeXT amp 2 X8 8 xmas axte Sinde cascade xia x ooo 190 DI diagnostic sues Length of the pem ES for digital inputs length MES he ems 191 DI diagnostic pulse Cycle time of the diagnostic pulse falling edge for 10 000 ms period digital inputs time between diagnostic pulse falling edges 50 59 000 ms Time 2 192 DI X113 1 diag pulse Diagnostic pulse of digital input X113 1 on or off CN on off or Diagnostic pulse of NN On Diagnostic pulse on 193 DI X113 2 diag pulse Diagnostic pulse of digital input X113 2 on or off on off 194 DI X113 3 diag pulse Diagnostic pulse of digital input X113 3 on or off on off 195 DI X113 4 diag pulse Diagnostic pulse of digital input X113 4 on or off on off or Diagnosis pulse of COM on Piagnosti pulse on 196 DI X114 1 diag pulse Diagnostic pulse of digital input X114 1 on or off eaan CE On Diagnostic pulse on H3 197 DI X114 2 diag pulse Diagnostic pulse of digital input X114 2 on or off S on off 198 DI X114 3 diag pulse Diagnostic pulse of digital input X114 3 on or off on off Configuration 91 No Name Value Description Default sel value 199 DI X114 4 diag pulse Diagnostic pulse of digital input X114 4 on or off On
14. SBC activated Time Check also STO SBC usage Delayed brake feedback input i SBC output DO X113 7 amp SBC feedback action X114 7 No Name Value Description Example value 200 Safety Safety parameters a 7 STO input A Digital input connected to the STO primary input DI X113 1 amp X114 1 DI X113 1 amp Redundant input X113 1 amp X114 1 1 X114 1 106 Configuration No Name Value Description 8 STO input B Digital input connected to the STO secondary input Secondary input is mostly used for the cascade connection See parameter 188 Cascade A 9 Restart delay Time after which the restart is allowed after the STO 1000 ms after STO lt Sh MA o E 11 STO SBC usage Brake usage is always coupled with the STO This Delayed parameter defines how Delayed brake Time controlled brake 12 STO SBC delay Brake usage delay relative to the STO Negative value means that the brake is activated before STO activation Note Mechanical brake delays must be included in here 16 SBC output Digital output connected to the SBC output brake relays DO X113 7 amp X114 7 li g D X114 7 18 SBC feedback Action taken when there is a problem on the SBC STO ST STO STO activated 19 STO STO acknowledgement method Automatic acknowledgeme nt Automatic Automatic acknowledgement after the removal of 1 requests 20 STO output Digital output indicating activity of the STO None No output connected
15. h 8 82E 10 9 27E 12 4 58E 08 9 50E 11 1 06E 11 6 60E 09 CDa COW 9 90E 06 1 25E 07 4 01E 04 8 41E 07 1 43E 07 2 98E 05 demand SFF 95 99 69 99 84 83 74 98 38 99 81 99 00 wr po poto of 1 J 1 a 2 8 1 3 3 MTTF a 2472 2472 2472 2472 2154 3AXD10000006135 doc C Technical data 157 Safety data for some typical configurations The table below shows FSO 11 safety data for some typical configurations consisting of subsystems listed in the previous tables in section Basic safety data on page 156 ubsystems used in the HFT SIL MTTFd DC Cat PL safety function SILCL A 7 T peed measurement channel pulsed DI i 8 07E 09 5 49E 05 99 02 105 85 98 64 channel pulsed output 1 channel pulsed DI Logic TO output channel pulsed output peed measurement 1 channel non pulsed DI 7 14E 08 5 78E 04 98 46 6 48E 08 5 48E 04 92 56 1 channel non pulsed 1 47E 09 2 51E 05 99 30 842 77 96 14 peed measurement channel pulsed DI i 6 69E 09 4 04E 05 99 03 8 90E 11 1 06E 05 99 42 peed measurement channel non pulsed DI 6 79E 09 4 12E 05 98 99 channel non pulsed output channel non pulsed DI Logic TO output 1 85E 10 1 14E 05 98 80 channel non pulsed output 3AXD10000006135 doc C 158 Technical data Life time 00594987 xls B Response times Safety function response time Maximum response time of the FSO 11 and drive combination is 100 ms Note Parameter
16. l s C 3 SSE request f Inactive Active _ STO state d STO state indication SSE state indication SSE completed indication Description Time to zero speed Time from the STO activation to the moment when the acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed Relevant only if 2b occurs Bo Zero speed Speed limit for activating the STO C SSE request removal allowed shaded area The SSE request can be removed after a minimum down time It must be removed before the acknowledgement is accepted SSE request received for example from the I O After the safety function response time ramping down with SARO monitoring is started 2b If the drive has not followed the ramp the STO is activated now and the time to zero speed A is started 3 Speed goes below the defined zero limit the SAR monitoring is stopped and the STO is activated 4 After the acknowledgement manual or automatic the STO and SSE are deactivated and the control is given back to the drive which is allowed to modulate again If the drive had not followed the ramp at 2b acknowledgement would become allowed now Note Logic states of the STO state indication signal SSE state indication and SSE completed indication signals output are configurable 54 Implemented safety functions For configuration see section How to configure SSE w
17. on off of Diagnostic pulse of o On Diagnostic pulse on h eng 08m p tm ems 201 DO diagnostic pulse Cycle time of the diagnostic pulse falling edge for 10 000 ms d digital outputs time between diagnostic pulse falling mE edges 3 5999ms me 202 DO X113 7 diag Diagnostic pulse of digital output X113 7 on or off On pulse on of 203 DO X113 8 diag Diagnostic pulse of digital output X113 8 on or off On pulse on off 204 DO X113 9 diag Diagnostic pulse of digital output X113 9 on or off On pulse on off or pignesispuise of oo on Diagnostic pulse on 205 DO X114 7 diag Diagnostic pulse of digital output X114 7 on or off On pulse on off om iagnosti pulse off o Diagnostic pulse on 206 DO X114 8 diag Diagnostic pulse of digital output X114 8 on or off On pulse on off 207 DO X114 9 diag Diagnostic pulse of digital output X114 9 on or off On pulse on off or Dagwsispuseof CS On Dagesispuseo ooo o Noe Nooiucometd p 209 Safety relay 1 Feedback input of the safety relay 1 None feedback 92 Configuration No Name Value Description Default sel value None Nomputoomeed O om2 srsenpaxns2 b oma SmdempiXH34 CA Dxm amp i SmdempiXH4i CA Noe NooWpicomeded p 211 Safety relay 2 Feedback input of the safety relay 2 None feedback Noe Nompicmmded D Dixna2 Smdemuxna2 onsa
18. Download the FSO 11 parameters from the Drive composer pro PC tool to the FSO 11 according to chapter Configuration on page 73 Perform the start up procedure according to chapter Start up on page 131 Perform the validation procedure for each safety function according to chapter Verification and validation on page 133 Note The STO is the basic safety function and it has to be validated first The acceptance tests for the STO function of the drive are described in chapter Planning the electrical installation in the drive Hardware manual Update the HW and SW versions of the new FSO 11 to the logbook of the driven machine Drive replacement If you have to replace the drive where the FSO 11 is installed for example because of a serious drive failure follow the procedure below a Ue OY d 9 Reinstalling the FSO 11 module to another drive Stop the driven machinery and prevent an unexpected start up Do one of the following a Upload the FSO 11 parameters from the FSO 11 to the Drive composer pro PC tool b Make a backup of the drive See the drive Firmware manual Disconnect the supply with the supply disconnecting device Disconnect the auxiliary voltage supply to the FSO 11 Remove the wiring and the FSO 11 module Install the new drive See the drive Hardware manual Install the FSO 11 module and wiring to the new drive according to chapter Installation on page 65 Do one of the following the same letter as in
19. ET A dire input connected to the SLS with limits 1 None primary input No input connected No input connected connected E A E DXH82 Snemu x2 O e xma SmpempuXH34 O O O 8 oxn Snemna Sd 61 SLS1 input B Digital input connected to the SLS with limits 1 secondary input Secondary input is mostly used for cascade connection only SLS1 can be cascaded See parameters 188 Cascade A and 189 Cascade B Noe Nomptcnmeed O osz Smdemuxna2 CN Configuration 83 No Name Value Description Default sel value DXHS4 Single imputa Dixn amp i SmdempiXH4i CA Noe Nomuicomekd O Dixus2 SmdemwiXH32 b onsa SmdemwiXH34 CA Dixn amp i jSmdempiXH4i CA Noe Nomuicomeed O Dixus2 SmdemwiXH32 CA onsa SmdemwiXH34 CA Dixn amp i SmdemutXH4i CA Noe JNomutcmmded O 84 Configuration No Name Value Description Default sel value DIXHS2 Smempaxns2 eoo oma SmdempuXH34 CAN Dxm amp i JSmdempiXH4i CA 65 SLS1 trip limit SLS1 negative speed limit tripping the drive 250 0 rpm negative 3000000 pm Sped 66 SLS1 trip limit SLS1 positive speed limit tripping the drive 250 0 rpm positive EE NUI MEN AE 69 SLS2 2 trip limit SLS2 negative speed limit tripping the drive mu 0 rpm negative 3000000 pm Seed positive 00 30000pm Speed
20. FSO 11 will generate the necessary faults to the drive event system Note If Time is selected for the method of SLS activation monitoring the ramp used is defined by the drive ramp parameters No Name Value Description Default sel value 200 Safety Safety related parameters A 6 Stop completed Digital output indicating completion of any stop Active None IE PN Noe No input cometa D DOXMSS SmgeowpuXi38 DOXM amp 8 SmgeoupuXiM48 8 DOXM amp S SmpeoupuXt49 b 7 STO input A Digital input connected to the STO primary input DI X113 1 amp X114 1 Noe Nompicmmded b Dixna2 SmdemuxHa2 W onsa jSmdemuxns4 CN Configuration 77 No Name Value Description Default sel value IEC TE Do 8 STO input B Digital input connected to the STO secondary input Secondary input is mostly used for the cascade connection See parameters 188 Cascade A and 189 Cascade B one Nompicmmded O Dixns2 Smdeiuxna2 CN Dixns4 dSmdempuxHs4 CN oma SmdempuxH i CN Dixna2 SmdeiwuxHa2 hwo T R DIXM44 X114 4 DIXii44 Single input X114 4 9 iran delay after Time after which the restart is allowed after the STO EG ms 0 3 600 000 ms Time parameter defines how Nme Nome D 12 STO SBC delay Brake usage delay relative to the STO Negative 3 600 000 value means
21. Overview Implemented safety functions 33 Implemented safety functions Contents of this chapter This chapter describes how the safety functions are implemented with the drive and how they operate Safety functions The FSO 11 supports the following safety functions Safety function stop category Information Page Sare brake contol S66 sate brake ouput 42 Safe stop emergency SSE Configurable as STO or 50 with E Stop ramp Safely limited speed SLS speed SLS Safelylimitedspeed Safely limited speed speed Safe maximum speed SMS Function permanently on off 34 Implemented safety functions General Acknowledgement Acknowledgement can be configured to be manual or automatic separately for the start up STO SSE and SS1 always end in STO and SLS In manual acknowledgement there must be an acknowledgement button connected to the FSO 11 In automatic acknowledgement the FSO 11 automatically acknowledges the start up STO or SLS when this has completed successfully Acknowledgement cannot be performed if e safety function request is active STO SSE SS1 safety function is not completed SLS speed is not below monitored limit All active safety functions that can be acknowledged are acknowledged with the same acknowledgement The acknowledgement button is connected like a normal safety input 24 V in the input is the standby negative state and O V is the positive acknowledge
22. SmdemuxHa4 CN Dxn amp i SmdemuxH i O CN DIXHa2 SmdemwuxHa2 A Dixns SmdeiuxH4s m Dixma4 Single input xia mw 241 FSO DI status 2 mwxnss p Ofi On 3 muxns4 ozot i On H muxr i 0f 1 On 5 mwxnaz ozon icon 5 mwxn4s ozon 1 On 7 7 mpuxti a o Of 1 On O 7 mpuxti a o Of 1 On 1 On i kame Values o maxas osom H mwxna2 ozot i On Configuration 93 No Name Value Description Default sel value 242 FSO DO status Name Oupuxn4 o Output X114 9 243 FSO control word 1 States of the FSO commands 1 2 3 STO request SSE request 1 2 SS1 request 4 13 SLS4 request 0 Off 1 On 244 FSO control word 2 States of the FSO commands Bit Name Values 0 SDI negative request 0 Of 1 On 2 FSO brake 0 Off 1 On 245 FSO status word 1 FSO status word 1 Bit Name Values 0 FSO mode bit 1 0 Undefined 1 FSO mode bit 2 1 Boot mode 2 Running mode FSO mode bit 3 mode bI 3 Fail safe mode 4 Configuration mode FSO state bit 0 Safe state 1 Operational NO FSO STO active Brake state SSE monitoring SS1 monitoring 1 SARO monitoring 12 SAR1 monitoring Off 1 On 5 94 Configuration No Name Value Description Default sel value 246 FSO status word 2 1 2 SLS2 monitoring 3 L53 monitoring
23. Time 1 2 3 i ssE request Active I STO state STO state indication Active SSE state SSE state indication SSE completed indication C Ee A SSE time to zero speed with STO Time from the STO activation to the moment when the acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed SSE request removal allowed shaded area The SSE request can be removed after a minimum down time It must be removed before the acknowledgement is accepted STO activated after the SSE request has been received for example from the I O 3 After the time to zero speed A has elapsed the acknowledgement is possible as soon as the STO request has been removed 4 After the acknowledgement the STO and SSE are deactivated and the control is given back to the drive Acknowledgment not yet allowed before the motor is presumably stopped Implemented safety functions 51 Note Logic states of the STO state indication signal SSE state indication and SSE completed indication signals output are configurable 52 Implemented safety functions SSE with time monitoring Motor speed ASSE delay for STO B STO time to zero speed ctive l Inactive STO state STO state indication Active SSE state SSE state indication 1 SSE completed indication I SSE delay for STO
24. Time after which the STO is activated regardless of the speed a STO time to zero speed Time from the STO activation to the moment when acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed Relevant only if 3b occurs C Zero speed Speed limit for activating the STO SSE request removal allowed shaded area The SSE request can be removed after a minimum down time It must be removed before the acknowledgement is accepted E 3b If the drive has not ramped down fast enough when the delay for STO A has elapsed the STO is activated now and the time to zero speed B is started mm After acknowledgement manual or automatic the STO and SSE are deactivated 4 4b If the drive had not ramped down fast enough at 3b acknowledgement would become allowed now Note Logic states of the STO state indication signal SSE state indication and SSE completed indication signals output are configurable Note SSE monitoring is started immediately after the SSE request is received Implemented safety functions 53 For configuration see section How to configure SSE with time monitoring on page 117 in chapter Configuration SSE with ramp monitoring Motor speed A STO time to zero speed 11 EEE gt CL LAA MAMA AAA IEEE SETTLE Bi B Zero speed E na C C AA A A A AA eene li guum 11623 i20 3 4 uh
25. application and parameter SMS limit negative to zero 3 Ensure that the drive can be run and stopped freely 4 Start up the drive and accelerate in the forward direction to a speed reference higher than the SMS limit positive 5 The FSO 11 detects overspeed As a result the STO is activated and the drive displays a warning 6 Set an acknowledgement for example with the control panel restart the drive and check that the motor runs normally 7 Ifthe motor can rotate in the reverse direction set parameter SMS limit positive to zero and parameter SMS limit negative to half of the value to be used in the application and repeat the test procedure for the reverse direction 8 Set parameters SMS limit positive and SMS limit negative to their proper values 9 Repeat the test procedure as near as possible the maximum design speed of the machinery This design speed must be same or higher than the maximum speed of the drive 10 Restart the drive and check that the motor can run at the maximum and minimum speeds WARNING If the SMS test is to be performed with the machinery coupled to the motor make sure that the machinery is able to withstand the fast speed changes and the set maximum speed Authorized person The acceptance test of a safety function must be carried out by an authorized person with expertise and knowledge of the safety function The test report must be documented and signed by the authorized person Accepta
26. configure the SSE with time monitoring set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SSE with time monitoring see page 52 Example The figure below and the Example value column in the table show an example of an SSE with time monitoring set up e time monitored ramp redundant emergency button connected to input delay for activating STO 2000 ms Single output connected Speed activated brake not in use SSE function Emergency ramp SSE input A SSE output DI X113 1 amp X114 1 SSE monitoring method Time DO X113 9 SSE input B Speed SSE delay for STO SSE completed None output SSE SS1 SBC speed Zero speed No Name Value Description Example value 200 Safety Safety parameters 15 SSE SS1 SBC Absolute speed below which the brake is activated while 0 0 rpm ramping If the value is 0 0 rpm this feature is not in use X114 1 26 SSE input B Digital input connected to the SSE secondary input Secondary input is mostly used for the cascade connection Nene No input connected p 27 SSE function Function activated by the SSE ramp Emergency ramp SSE activates the SS1 with emergency ramp 28 SSE monitoring Method used for the SSE monitoring Time method 118 Configuration No Name Value Description Example value 29 SSE delay for Time delay after which the STO is executed if time 2000 ms STO monitoring
27. drive STO connection Use the tightening torque of 0 24 Nm 2 1 Ibf in for the FSO 11 terminals 5 Connect the digital inputs digital outputs test pulses and ground at the FSO 11 terminals X113 and X114 according to the application Use the tightening torque of 0 24 Nm 2 1 Ibf in O Installation 6 Connect the FSO 11 power terminals X112 Use the tightening torque of 0 24 Nm 2 1 Ibf in for the FSO 11 terminals x E VAINA 5665 gt N 6 978 XDIO XD24O 56 Y XRO3 Co ELE Installation checklists 71 Installation checklists Contents of this chapter This chapter contains a checklist for checking the mechanical and electrical installation of the FSO 11 module and refers to common cause failure checklists in standards Checklists Check the mechanical and electrical installation of the FSO 11 before start up Go through the checklists below together with another person Read chapter Safety on page 11 before you work on the safety system 2 Installation checklists General checklist MECHANICAL INSTALLATION See Planning for installation and Installation Mechanical installation The ambient operating conditions are within the allowed range The module is fastened properly ELECTRICAL INSTALLATION See Planning for installation and Installation Electrical installation The drive and the module are properly grounded to the same potential If a PELV power supply is used
28. is activated below the speed defined by parameter SSE SS1 SBC speed Check that the STO is activated Set an acknowledgement for example with the control panel if the automatic acknowledgement is not in use restart the drive and check that the motor runs normally If the motor can rotate in the reverse direction repeat the test procedure for the reverse direction Repeat the test with the other used SLS functions only the SLS1 can be cascaded Verification and validation 139 Validation of the SLS function with ramp monitoring Follow the steps below to validate the SLS function with ramp monitoring 1 10 11 12 13 14 15 Check the SLS1 input connections from the field equipment to the FSO 11 against the circuit diagrams If the cascade connection is used check the cascade connections and this checklist in all cascaded drives Ensure that parameter SLS7 limit positive is set properly and parameter SL S1 limit negative is set to zero see section How to configure SLSn with ramp monitoring on page 127 Set parameters SLS7 trip limit positive and SLS1 trip limit negative to the correct values less than the speed defined by parameter SMS limit positive and more positive than the speed defined by parameter SMS limit negative Check that the SARO ramp times are set properly see section How to configure SARn on page 123 Select the correct SLS acknowledgement method parameter SLS ackn
29. logic Logic state of digital output X114 8 state Activelow low Active state of the output is low voltage state of the output is low Active state of the output is low voltage 187 E X114 9 logic Logic state of digital output X114 9 AW high state Active high Active state of the output is high voltage Ho 200 DO diagnostic Length of the diagnostic pulse for digital outputs 1ms pulse length 1ms 1ms 201 DO diagnostic Cycle time m the diagnostic pulse falling edge for digital E 000 ms pulse period outputs time between diagnostic pulse falling edges 202 DO X113 7 diag Diagnostic pulse of digital output X113 7 on or off puse on of on Biagnostc pulse on C 203 2 X113 8 diag Diagnostic pulse of digital output X113 8 on or off pulse on off 204 DO X113 9 diag Diagnostic pulse of digital output X113 9 on or off On pinse on off 205 X114 7 diag Diagnostic pulse of digital output X114 7 on or off puse on off on Bisgnosi pulse on 206 D X114 8 diag Diagnostic pulse of digital output X114 8 on or off pulse on off 207 DO X114 9 diag Diagnostic pulse of digital output X114 9 on or off Off pulse on off 102 Configuration Cascade connection If the FSO 11 module belongs to a cascaded safety function connect the digital input also to the corresponding digital output See section Cascade on page 38 No Name Value Description Example value 200 Safety Safety parameters 169
30. machinery Safety related parts of control systems Part 1 General principles for design e EN 62061 2005 Safety of machinery Functional safety of safety related electrical electronic and programmable electronic control systems EN 60204 1 2006 Safety of machinery Electrical equipment of machines Part 1 General requirements Before starting the implementation of safety related systems it is highly recommended to read and understand the following manuals which will also be referred to in the later chapters of this manual e Functional safety Technical guide No 10 3AUA0000048753 English e Safety and functional safety A general guide 1SFC001008B0201 English e Firmware manual of the drive Related standards and directives Referenced standards are listed in the table below Safety of machinery Electrical equipment of machines Part 1 General requirements EN 60204 1 2006 IEC 61508 Parts 1 7 Functional safety of electrical electronic programmable electronic Ed 2 0 2010 safety related systems EN 61800 5 2 2007 Adjustable speed electrical power drive systems Part 5 2 Safety requirements Functional EN 62061 2005 Safety of machinery Functional safety of safety related electrical electronic and programmable electronic control systems EN ISO 12100 2010 Safety of machinery General principles for design Risk assessment and risk reduction EN ISO 13849 1 2008 Safety of machinery
31. o 21 STO completed Digital output indicating completion of the STO Active when the time defined by parameter 9 Restart delay after STO has elapsed after the STO request Non No output connected o Configuration 107 How to configure SBC before STO To configure the SBC before the STO set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SBC before the STO see page 44 Example The figure below and the Example value column in the table show an example of a set up of the SBC before the STO STO with negative brake redundant emergency button connected to input e automatic acknowledgement e restart delay after STO 600 ms e delayed brake with negative delay 500 ms brake connected to redundant output STO activated if brake feedback fails Note Maximum response time of the FSO 11 and drive combination is 100 ms STO acknowledgement Restart delay after STO STO input A _ STO output None STO input B STO completed None 4 STO activated output SBC activated Check also ds SBC output feedback input STO SBC usage Delayed brake DO X113 7 8 XTHET SBC feedback action No Name Value Description Example value 200 Safety Safety parameters 7 STO input A Digital input connected to the STO primary input DI X113 1 amp X114 1 DI X113 1 amp Redundant input X113 1 amp X114 1 1 X114 1 8 S
32. o 4 SLS4 monitoring o DI positive monitoring o 7 SDI negative monitoring 0 12 ISMS monitoring 247 Drive status word 1 Drive status word 1 Bit Name Description Values 0 Drivestatusbit1 O Disabled Drive status bit 2 BEEN 1 Readyon Drive status bit 3 A 2 Readyrun 3 3 Starting Drive status bit 4 4 Readyref 5 Stopping 6 Faulted Brake prooftest Drive 0 Off 1 On requests a brake proof test 5 Encoderpresent o om1 Or e mouton fo om1 Or 7 Stoore 070r 1 Or 8 Stoar 0 0f 1 0r B SS1 active State on the 0 Off 1 On SARO active driveside 0 Off 1 On 12 SAR1 active 0 Off 1 On Configuration 95 No Name Value Description Default sel value 252 FSO configuration FSO user configuration version version e 248 Drive status word 2 Drive status word 2 Bit Name Description Values SLS1 active State on the 0 Off 1 On SLS2 active driveside o Off 1 On 0 Off 1 On 0 Off 1 On ui SDI positive 0 Off 1 On active SDI negative 0 Off 1 On active 8 pmve brake 0 Om1 0n 9 STO 1 diag Drive has 0 1 10 STO 2 diag noticed an 0 4 STO diag nostic pulse on circuit 1 2 aS 96 Configuration Configuring general settings How to configure general settings To configure the general settings set the FSO 11 parameters listed in the table below to appropriate values using the Drive c
33. output connected O Noe No output connected O 87 SLS4 output Digital output connected to the SLS4 None No output connected o 130 Configuration Configuring SMS How to configure SMS To configure the SMS set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SMS function see page 57 Example The figure below and the Example value column in the table show an example of an SMS set up e SMS activated positive limit 1800 0 rpm negative limit 1200 0 rpm SMS function SMS limit positi e ee SMS limit negative No Name Value Description Example value 200 Safety Safety parameters SON 92 SMS function SMS activation Active Activates the Activates the SMS 93 d limit Negative speed limit A the SMS 0 rpm negative 94 SMS limit Positive speed limit for the SMS 1800 0 rpm positive Start up 131 Start up Contents of this chapter This chapter describes the general precautions to be taken before starting up the safety system for the first time Safety considerations The start up may only be carried out by a qualified electrician The safety instructions must be followed during the start up See the drive and the safety component specific safety instructions in the individual product manuals WARNING Until all the safety functionality is v
34. removed before the acknowledgement is accepted D Safety function response time SS1 request received for example from the I O After the safety function response time ramping down with SAR1 monitoring is started If the drive has not followed the ramp the STO is activated now and the time to zero speed A is started Speed goes below the defined zero limit the SAR monitoring is stopped and the STO is activated 4 After acknowledgement manual or automatic the STO and SS1 are deactivated and the control is given back to the drive which is allowed to modulate again If the drive had not followed the ramp at 2b acknowledgement would become allowed now Note Logic states of the STO state indication SS1 state indication and SS1 completed indication signals output are configurable For configuration see section How to configure SS1 with ramp monitoring on page 111 in chapter Configuration Implemented safety functions 49 SS1 with speed limit activated SBC Motor speed SS1 request STO state Active Inactive STO state indication SBC control SS1 state j SS1 state indication 881 completed indication WD Description SBC speed Speed below which the brake is activated while ramping Bo Zero speed Speed limit for activating the STO C SS1 request removal allowed shaded area The SS1 request can be removed after a mi
35. used 30 SSE output Digital output indicating activity of the SSE DO X113 9 DO X113 9 Single output X113 9 B 3 30 SSE completed Digital output indicating completion of the SSE Active when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Nene No output connected oo Configuration 119 How to configure SSE with ramp monitoring To configure the SSE with ramp monitoring set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SSE with ramp monitoring see page 53 Example The figure below and the Example value column in the table show an example of an SSE with ramp monitoring set up e monitored ramp SARO see section How to configure SARn on page 123 redundant emergency button connected to input Single output connected Speed activated brake not in use SSE function Emergency ramp SSE monitoring method Ramp SSE input A i SSE output DI X113 1 amp X114 1 CO Goer QUI SAR DO X113 9 SSE input B SSE completed None output SSE SS1 SBC speed Zero speed Time No Name Value Description Example value 200 Safety Safetyparameters OoOO o o 15 SSE SS1 SBC Absolute speed below which the brake is activated while 0 0 rpm ramping If the value is 0 0 rpm this feature is not in use Redundant input X113 1 amp X114 1 X114 1 26 SSE input B Digital input con
36. 07 capable up to SIL 3 SO 13849 part 1 2006 part 2 2003 capable up to PL e category 3 IEC 62061 2005 capable up to SILc 3 Beneath the integrated Safe Torque Off STO function within the industrial drive ACS880 series see certificate No SLA 0055 10 the additional safety functions Safely Limited Speed SLS Safe Maximum Speed SMS Safe Stop Emergency SSE Safe Stop 1 SS1 and Safe Brake Control SBC can be realized with the plug in safety functions module FSO 11 The whole assembly can be used in safety applications up to SIL 3 according to IEC 61511 The released versions of the certified FSO 11 are given in the tracking list for released versions of the FSO 11 This list is an add on to this certificate The certification is based on the report No aii SLA 0131 2009TB 3 in the valid version TUV NORD This certificate entitles the holder to use the T V NORD Systems GmbH amp Co KG pictured Safety Approved mark Expiry date 2017 09 21 Reference No G SEB BS 02 021 03 031 012 09 21 3 IEC 61508 SIL 3 IEC61800 52 SIL 3 ISO 13849 PL e IEC 62061SILc 3 SLA 0131 2009 V1 0 t Riege TUV NORD Systems GmbH amp Co KG Branch South Halderstr 27 86150 Augsburg Germany Safety information and considerations 21 Safety information and considerations Contents of this chapter This chapter contains general safety consid
37. 113 4 Configuration 103 Configuring STO How to configure STO To configure the STO set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the STO function see page 40 Example The figure below and the Example value column in the table show an example of a simple STO function set up redundant emergency button connected to input e automatic acknowledgement e restart delay after STO 1000 ms no output connected e no brake STO input A DI X113 1 amp X114 1 STO input B None SSE SS1 SBC speed No Name Value STO acknowledgement STO active Speed Restart delay after STO STO output None STO completed output STO SBC usage None Description Example value 200 Safety Safety parameters DESEE 7 STO input A Digital input connected to the STO primary input DI X113 1 amp X114 1 DI X113 1 amp X114 1 8 STO input B Redundant input X113 1 amp X114 1 Digital input connected to the STO secondary input None Secondary input is mostly used for the cascade connection See parameters 188 Cascade A and 189 Cascade B None No input connected o 9 Restart delay Time after which the restart is allowed after the STO 1000 ms after STO 11 STO SBC usage Brake usage is always coupled with the STO This None parameter defines how 104 Configuration No Name Value Description Example val
38. 5 V it is damaged and needs to be replaced WARNING For connecting the FSO 11 module to the drive only use wire kits A delivered by ABB 66 Installation Mechanical installation If you have ordered the FSO 11 module option with the drive it is delivered with the FSO 11 already installed and the FSO 11 data cable connected so you can go directly to section Electrical installation on page 67 If you have ordered the FSO 11 module option separately it is delivered in its own package Install the FSO 11 mechanically on the drive as described in chapter Mechanical installation in the drive Hardware manual Depending on the type of the drive the location of the module may be for example one of the following XDO xo240 fO ELE ELE Electrical installation Terminals The connections are shown in the figure below Electronics grounding screw Enclosure grounding screw at one of the mounting points depending on the drive type Installation 67 X110 DATA Data connection to drive control unit X111 STO 24 V STO ground STO1LO drive internal signal STO2LO drive internal signal XHx SOS 2 X113 DI Channel 1 digital input 1 DI Channel 1 digital input 2 Channel 1 digital input 3 D DI Channel 1 digital input4 GND DO Channel 1 digital output DO Channel digital output2 DO Channel digital output3 10 1 DI Channel 2 digital input 1 2 D Cha
39. 8 The LEDs are in two rows above the corresponding two rows of I O connectors The LED is lit if the state of the corresponding I O is ON 24 V in the input or output The data shown by LEDs is only indicative and cannot be considered safe 30 Overview HER Input output connections 4 redundant or 8 single digital inputs or combinations of redundant and single inputs Possible redundant pairs X113 1 amp X114 1 X113 2 amp X114 2 X113 3 amp X114 3 and X113 4 amp X114 4 e 3 redundant or 6 single digital outputs or combinations of redundant and single outputs Possible redundant pairs X113 7 amp X114 7 X113 8 amp X114 8 and X113 9 amp X114 9 two 24 V DC reference outputs with configurable diagnostic pulses Es Factory reset button under the label Connections The FSO 11 has several safety l O s for external safety devices for example buttons gates and indicators FSO 11 does not have ability to interface to an encoder When using the Safe brake control SBC function the mechanical brake is controlled by the FSO 11 For more information on the SBC see section Safe brake control SBC on page 42 One FSO 11 is needed for each drive inverter to be monitored Connection details are described in section Terminals on page 67 Type designation label The type designation label is attached on the top of the FSO 11 module An example label and explanation of the label contents are shown below
40. 9 DO X114 9 Single output X114 9 9 40 SS1 completed Digital output indicating completion of the SS1 Active when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Nene No output connected oo Configuration 111 How to configure SS1 with ramp monitoring To configure the SS1 with ramp monitoring set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SS1 with ramp monitoring see page 48 Example The figure below and the Example value column in the table show an example of an SS1 with ramp monitoring set up e monitored ramp SAR1 see section How to configure SARn on page 123 redundant emergency button connected to input Single output connected Speed activated brake not in use SS1 input A DI X113 1 amp X114 1 SS1 input B None SSE SS1 SBC speed Zero speed No Name Value 00 Safety 15 SSE SS1 SBC speed 35 SS1 input A DI X113 1 amp X114 1 36 SS1 input B None 3 SS1 monitoring method Ramp 39 SS1 output DO X114 9 SS1 monitoring method Ramp Remember to configure SAR1 SS1 output DO X114 9 SS1 completed output Description Example value Safety parameters E Absolute speed below which the brake is activated while 0 0 rpm ramping If the value is 0 0 rpm this feature is not in use Digital input connecte
41. ABB OY E 11 SN o CODE Ww No Description OS C a aaee Serial number of format MYYWWRXXXX where M Manufacturer YY 11 12 for 2011 2012 WW 01 02 03 for week 1 week 2 week 3 R A B C for product revision number XXXX Integer starting every week from 0001 ABB MRP code of the FSO 11 module Combined ABB MRP code and serial number RoHS mark Overview 31 Operational characteristics The FSO 11 monitors that the drive operates within the configured operating limits and if the limits are exceeded activates the STO function within the response time Activation of the STO function removes the torque and if configured applies the brake WARNING The Safe torque off function does not disconnect the voltage of the main and auxiliary circuits from the drive See the warning on page 25 Prevention of unexpected start up is also handled by the FSO 11 The supported functions are preprogrammed in the firmware they cannot be programmed in any way Authorized personnel configure the FSO 11 with the Drive composer pro PC tool The FSO 11 checks the authorization with a password before it is possible to edit the FSO 11 parameters Parameters are sent from the tool to the drive and after the tool has displayed the CRC values of the parameters the user must validate the feedback values The FSO 11 goes into the Fault state if it detects an internal fault during its diagnostics tests 32
42. ABB industrial drives FSO 11 safety functions module Power and productivity Ah ED ab for a better world PR EP ED List of related manuals Drive hardware manuals and guides ACS880 01 hardware manual 3AUA0000078093 ACS880 01 quick installation guide for frames R1 to R3 3AUA0000085966 ACS880 01 quick installation guide for frames R4 and R5 3AUA0000099663 Code English ACS880 01 quick installation guide for frames R6 to R9 GAUA0000099689 ACS880 04 hardware manual 3AUAO00001 28301 ACS880 07 hardware manual 3AUA0000105718 ACS880 104 inverter modules hardware manual 3AUA0000105718 ACS880 107 inverter units hardware manual 3AUA0000102519 BCU 02 12 22 control units hardware manual 3AUA0000113605 ACS AP x assistant control panels user s manual 3AUA0000085685 Drive firmware manuals and guides ACS880 primary control program firmware manual 3AUA0000085967 Quick start up guide for ACS880 drives with primary 3AUA0000098062 control program General safety manuals and guides Functional safety Technical guide No 10 3AUA0000048753 Safety and functional safety A general guide 15FC001008B0201 Option manuals FSO 11 safety function module user s manual 3AUA0000097054 Tool manuals Drive composer start up and maintenance PC tool user s 3AUA0000094606 manual You can find manuals and other product documents in PDF format on the Internet See section Document library on the Internet on the inside of the back cover For manuals not availabl
43. DO X114 7 SL S2 trib limit negative SLS2 limit positive Remember to configure SAR1 Zero speed o e SLS2 limit negative u SI S2 trip limit negative No Name Value Description Example value 200 Safety Safety parameters DES 62 SLS2 input Digital input connected to the SLS with limits 2 DI X113 3 amp X114 s DI X113 3 amp Redundant input X113 3 amp X114 3 X114 3 69 SLS2 trip limit Am rpm negative 70 SLS2 trip limit SLS2 positive speed limit tripping the drive 1320 0 rpm positive 128 Configuration No Name Value Description Example value 71 SLS2 limit SLS2 negative speed limit for the drive 900 0 rpm negative 72 SLS2 limit SLS2 positive speed limit for the drive 1200 0 rpm positive 81 SLS activation Method of SLS activation monitoring Ramp monitoring method Ramp Ramp monitoring o 85 SLS2 output Digital output connected to the SL S2 DO X114 7 DO X114 7 Single output X114 7 T 88 SLS SLS acknowledgement method Automatic acknowledgeme nt Automatic Automatic acknowledgement after the removal of 1 requests For SLSn n 1 3 4 instead of SLS2 parameters configure the corresponding SLSn parameters listed in the table below as appropriate The Example value column shows the parameter default values No Name Value Description Example value 200 Safety Safety parameters Saas 60 SLS1 input A Digital input connected to the SLS with limits 1 primary input
44. Fault in FSO drive Check all connections See the Aux communication control unit VVSL FEN code for more details for the fault or FIG communication moment for ABB internal use only A7D7 FSO configuration Fault in FSO configuration Check the FSO 11 configuration fault Fault tracing 145 Code Cause What to do hex A7D9 FSO encoderless Speed estimate too large Check the behavior of the driven load compared with the drive control parameter settings Check suitability of the drive train and the motor Adapt control parameters if gear play or torsional rigidity causes problems ATDA FSO temperature FSO temperature fault Check ambient conditions usually over temperature Replace the FSO 11 module Contact your local ABB representative Warnings Code Cause What to do hex A7DO FSO warning Warning from the See Aux code for more details for FSO 11 for example the moment for ABB internal use transition to the only Configuration state acknowledgement button operated in a wrong way external request ending in the STO if configured as a warning safety function limit hit from the SLS if configured as a warning 146 Fault tracing Events Code Event Cause What to do hex B790 FSO event A pure event not a fault See Aux code for more details for or warning for example the moment for ABB internal use external request ending Only in the STO if c
45. M F mode for Master follower mode of this FSO 11 module for both A follower A follower B This module is a follower on cascade connection A and a follower on cascade connection B AEN 176 Cascade A For each FSO module in cascade A the digital input connected to the safety function is also internally connected to the corresponding digital output of the module digital input gt digital output This resembles a master follower connection See section Cascade on page 38 X113 1 amp X114 1 Redundant cascade X113 1 8 X114 1 gt X113 7 amp X114 7 1 gt X113 7 8 X114 7 177 Cascade B For each FSO module in cascade B the digital input connected to the safety function is also internally connected to the corresponding digital output of the module digital input gt digital output See section Cascade on page 38 Nom Not cascaded y Safety relays If the FSO 11 module belongs to a cascaded safety function connect the digital input also to the corresponding digital output No Name Value Description Example value 200 Safety Safety parameters a 196 Safety relay 1 Output for the safety relay 1 DO X113 8 output amp X114 8 DO X113 8 amp Redundant output X113 8 amp X114 8 2 X114 8 197 Safety relay 1 Feedback input of the safety relay 1 DI X113 4 feedback 198 Safety relay 2 Output for the safety relay 2 output 199 Safety relay 2 Feedback input of the safety relay 2 feedback DI X113 4 Single input X
46. None No input connected o 61 SLS1 input B Digital input connected to the SLS with limits 1 secondary input Secondary input is mostly used for cascade connection only SLS1 can be cascaded Nene Nomutomedd D 64 SLS4 input Digital input connected tothe SLS wihimis4 None None _ Noinputconnectedd O 65 SLS1 trip limit SLS2 positive speed limit tripping the drive 250 0 rpm negative 66 SLS1 trip limit SLS2 positive speed limit tripping the drive 250 0 rpm positive 67 SLS1 limit SLS2 negative speed limit for the drive 200 0 rpm negative 68 SLS1 limit SLS2 negative speed limit for the drive 200 0 rpm positive 73 SLSS3 trip limit SLS3 negative speed limit tripping the drive 650 0 rpm negative Configuration 129 No Name Value Description Example value 74 SLS3 trip limit SLS3 positive speed limit tripping the drive 650 0 rpm positive 75 SLS3 limit SLS3 negative speed limit for the drive 600 0 rpm negative 76 SLS3 limit SLS3 positive speed limit for the drive 600 0 rpm positive 77 SLS4 trip limit SLS4 negative speed limit tripping the drive 1050 0 rpm negative 78 SLS4 trip limit SLS4 positive speed limit tripping the drive 1050 0 rpm positive 79 SLS4 limit SLS4 negative speed limit tripping the drive 1000 0 rpm negative 80 SLS4 limit SLS4 positive speed limit for the drive 1000 0 rom positive Noe No output connected Secondary output is mostly used for cascade connection Noe No
47. O DO X113 9 Speed SSE input B SSE completed None output SSE SS1 SBC speed Zero speed me No Name Value Description Example value 200 Safety Safetyparameters oOo o 15 SSE SS1 SBC Absolute speed below which the brake is activated while 240 0 rom ramping If the value is 0 0 rpm this feature is not in use Redundant input X113 1 amp X114 1 1 X114 1 26 SSE input B Digital input connected to the SSE secondary input None Secondary input is mostly used for the cascade connection 27 SSE function Function activated by the SSE Emergency Emergency ramp SSE activates the SS1 with emergency ramp 28 SSE monitoring Method used for the SSE monitoring method 122 Configuration No Name Value Description Example value 30 SSE output Digital output indicating activity of the SSE DO X113 9 DO X113 9 Single output X113 9 6 o 31 SSE completed Digital output indicating completion of the SSE Active when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Configuration 123 Configuring SAR How to configure SARn To configure the SARn n 7 O 1 set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool Example The figure below and the Example value column in the table show an example of a SARO set up e SARO e ramp time from scaling speed to zero 800 ms e minimum allowe
48. O 1 module failure 2c scektvbeoatecinctadsadsadee seo ex qr ERG SCENE RE 147 Replacing the FSO 11 module oo oooocooocnconoo rh 147 Drive replacement a ei 6nd cx dom ek Rx bea la te Wok ew od GAS OX Rw ES 148 Reinstalling the FSO 11 module to another drive 0 0 00 cee ees 148 Drive firmware Update siu dea e sensor 2205 ORE FW Be Race Rd kde eee eke eS 149 Updating the firmware of the drive where the FSO 11 is installed 149 g euRAC OMFRRPCCPCTCCCITT 150 B CUI sen a ad a Tr 150 Proof tests animar 2 be ied He eed Od he ddd meas amp ale bho aia e dere ia 150 DECOMMISSIONINO MIU 150 14 Technical data Contents of this chapter 0 0 llli rr 151 EISCC OANA eira D M 151 Control connection data 3s redeam b em cR repetir aaa 151 Terminal and lead through data for the control cables o o o ooooo o 152 Degrees Ol protectio icon dairy dura Aer acq Wah sot dr aod aetas de cud 9b Aa qe NEA od arte ZR d ere x 152 Size and weight a 3 24 222 3 25 3n Rog ada ru don ot Sog Red ado roi dcs 152 Soo MI cTPr T r e u ETPT 152 Speed estimation ato 0 9 2 09 8 dice abode CEA a Uri aide os ii usce e US n UU n Op aca 153 Solely UNCION P 154 Sle Cala espro E hans hore A ee er 155 tur MePTT r 155 e AA A A ae a ah em a ke 156 Safety data for some t
49. O OR a CR 34 Ramp MONON v6 rmm 35 FUNCION ING GAMO dardo ae ech cr 36 vici A 37 rr 38 Sale Wous Of STO PDT 40 STO base TONCO sepa che d Lac do C ee wee Rae cee a ead Boc od an ac Cae oe 40 sale brake control SBC sues s oer reo cae behead Rede ene eee eek m cit bata 42 SDC Mel 10 AA oe eae ok eee Oe he ae od ee ee oe 42 o DTO eee ie tad A aid ql adc ede ch A ad eir t Ue RR e E E eh a 44 Sale SION MISS Ds ea oe tiene m 46 591 with time monitoring esee IRI Itt 46 SS1 with ramp monitoring 6 llle 48 SS1 with speed limit activated SBC ooooocooooonoo a 49 Safe stop emergency SSE o ooooocococoor leer 50 SSE with time monitoring c l RII ee 52 SOE with ramp Monitoring essen edo e Ee ee e a ESI a cani a mca cna 53 SSE with speed limit activated SBC o ooooococoona 54 Safely limited speed SLS irc A id E RAR AA 55 SLS with speed below monitored speed l l ellen 55 SLS with speed above monitored speed o o ooocooocoooo eee 56 Safe maximum speed SMS o ooocococoooo eer rn 57 6 Planning for installation Contents of this chapter rase cete bae do Feat Odean aa 59 Requirements for designers and installers llle 59 Mechanical installation aaa 59 lyscdruenlicq cc P ET 59 Electrical installati n esoo aro ae oa 60 General requirements comisaria rra aaa 60 CONNECCION S nerd reas seats d
50. TO input B Digital input connected to the STO secondary input Secondary input is mostly used for the cascade connection 108 Configuration No Name Value Description Example value 9 Restart delay Time after which the restart is allowed after the STO 600 ms after STO 11 STO SBC usage Brake usage is always coupled with the STO This Delayed parameter defines how brake Delayed brake Time controlled brake 12 STO SBC delay Brake usage delay relative to the STO Negative value means that the brake is activated before STO activation Note Mechanical brake delays must be included in here 16 SBC output Digital output connected to the SBC output brake relays DO X113 7 amp X114 7 DO X113 7 amp Redundant output X113 7 amp X114 7 1 X114 7 18 SBC feedback X Action taken when there is a problem on the SBC STO action feedback STO STO activate o 19 STO STO acknowledgement method Automatic B uM Automatic acknowledgement after the removal of 20 STO output Digital output indicating activity of the STO None No output connected o 7 21 STO completed Digital output indicating completion of the STO Active when the time defined by parameter 9 Restart delay after STO has elapsed after the STO request Configuration 109 Configuring SS1 How to configure SS1 with time monitoring To configure the SS1 with time monitoring set the FSO 11 parameters listed in the table below to appropriate values usi
51. able delays can change the response time FSO 11 response time from an FSO 11 input to the Maximum 50 ms drive STO activation from an FSO 11 input to an Maximum 35 ms FSO 11 digital output activation Cascade response time from the cascade input to the Maximum 35 ms cascade output activation from the cascade input to the Maximum 35 ms function activation If the STO is cascaded the worst case maximum time when the last FSO 11 has activated the STO is n 35 ms where n is the number of cascaded FSO 11 modules 00594987 xls B Dimension drawings 159 Dimension drawings The dimension drawings of the FSO 11 module with two different bottom plates for different drive control unit types are shown below The dimensions are given in millimeters and inches 160 Dimension drawings FSO 11 oco NM IAM CU 13 BOTTOM PLATE 65 20 re m ca e sd 16 Further information Product and service inquiries Address any inquiries about the product to your local ABB representative quoting the type designation and serial number of the unit in question A listing of ABB sales support and service contacts can be found by navigating to www abb com drives and selecting Sales Support and Service network Product training For information on ABB product tra
52. activated Implemented safety functions 37 States The FSO 11 can be in one of the following states Powerdown STO active power off below 19 V e Start up STO active power on above 19 V start up checks performed Configuration STO active setting of parameters Operational STO inactive FSO 11 running e Safe STO active FSO 11 running Fault STO active FSO 11 or communication fault detected Dp Power Power down switgh off STO active Drive com poser pro A ee Drive com Drive com F poser pro poser pro Configuration STO active imc ee Fault Normal obligatory transitions STO active gt Possible transitions At power up the FSO 11 goes into the Start up state it performs start up checks and according to the configuration enters the Operational state either automatically or after a manual acknowledgement 38 Implemented safety functions The Drive composer pro PC tool can request the Configuration state when the FSO 11 is in the Start up Operational Safe or Fault state and the drive is in the Torque off mode not modulating The FSO 11 exits the Configuration state into the Start up state either by a request from the Drive composer pro PC tool or by removing the power from the FSO 11 through the Power down state In the Operational and Safe states the FSO 11 can execute the safety functions Note When the FSO 11 is in the Configuration state the
53. alidated the system must not be considered safe Y Checks Before starting the system for the first time make sure that the installation has been checked according to the individual product checklists drive safety component and the checklist provided in this document all necessary configuration steps have been completed alltools are cleared from the installation area to prevent short circuits and projectiles Starting the system does not cause any danger For the start up and validation of the STO see chapter Planning the electrical installation section Implementing the Safe torque off function in the drive Hardware manual 132 Start up Verification and validation 133 11 Verification and validation Contents of this chapter This chapter describes verification and validation of the implemented safety functionality Verification and validation produce documented proof of the compliance of the implementation with specified safety requirements Further information can be found in Technical guide No 10 Functional safety 3AUA0000048753 English Verifying the achieved SIL PL level Verification of the functional safety system demonstrates and ensures that the implemented safety system meets the requirements specified for the system in the safety requirements specification phase The most convenient way to verify the required SIL PL level reached with the implemented system is to use a spe
54. and encoder supporting version of the FSO must be used to measure and monitor the shaft speed Speed estimation The FSO 11 monitors the frequency with which the drive is rotating the magnetic field in the motor because the FSO 11 has no way of detecting the actual speed with which the motor shaft is rotating Note Speed is used in this manual instead of frequency Note It must be taken into account in the system design that the FSO 11 estimation and the actual motor speed differ by the slip which is dependent on the load of the motor among other things Safety information and considerations 25 Characteristics The allowed speed range depends on the used motor 18000 18000 rpm Max speed range AA P Number of motor pole pairs Proof testing Periodic proof testing of for example electromechanical parts of the safety system may be required in order to maintain the claimed SIL PL level of the system In this case proof testing must be taken in to consideration in the safety calculations and it must be properly documented in the user documentation Proof testing has to be verified in the acceptance testing during the commissioning phase The FSO 11 module itself does not require periodic proof testing External contactors relays and mechanical actuators must be sized correctly for safety use as the automatic diagnostics only monitor the electrical connections the mechanical final elements like brakes are no
55. arameters or the configuration you must check the safety of the entire system by doing a verification according to the system safety verification plan and by doing a validation of the correct operation of the safety application See Verification and validation on page 133 Response times Safety function response time and FSO 11 response times are specified in section Response times on page 158 FSO 11 diagnostics The FSO 11 performs extensive auto diagnostics tests during the runtime operation on FSO 11 internal parts as well as the communication and STO connection between the FSO 11 and the drive and it will go into the Fault state if it detects a fault If the safety functions are still in control the SSE is activated otherwise the STO is activated e The communication between the FSO 11 and the drive is diagnosed continuously e The STO connection between the FSO 11 and the drive STO connector is diagnosed during the power up and periodically during the runtime Safety information and considerations 23 I O The FSO 11 supports input and output redundancy The FSO 11 provides an option for applying diagnostic pulsing for its inputs and outputs When applied the pulsing enables the FSO 11 diagnostics to detect cable failures as follows e Inputs Open circuiting and short circuiting failures are detected with the exception of failures that short circuit the sensor These failures are detected upon input activation when red
56. be added to the target time to calculate the 500 ms time to zero Stopping SLS ramp maximum time 0 10 000 ms Time 127 SAR initial allowed Initial allowed range for the SAR min max modifies 100 ms range the range when the ramp goes on 3 60 000 ms acknowledgement requests requests 162 Acknowledgement Digital input connected to the button for None acknowledging operations 7 DI X113 2 Single input X113 2 DI X113 3 Single input X113 3 2 163 Zero speed without General zero speed limit for safety functions when no 90 0 rpm encoder safety encoder in use 88 Configuration No Name Value Description Default sel value AN E o 165 Motor nominal Defines the nominal motor speed 1500 0 rpm speed 10 30000 pm Speed 166 Motor nominal Defines the nominal motor frequency 50 00 Hz frequency 000 50000Hz Feweny 167 STO indication ext Type of the generated event for an external request request STO SSE or SS1 ending in the STO faults generating the STO are always faults Nue No event generated 168 STO indication Type of the generated event for the STO or SSE safety limit caused by a safety function limit hit faults generating the STO are always faults Noe No event generated Oooo o 181 M F mode for Master follower mode of this FSO 11 module for both A follower A follower B This module is a follower on cascade connection A we E Indatotoweroncascatecomec
57. cabling appropriately for example by using double shielded cables Never mix 24V level signals with non ELV signals or power feeds in the same cable e Safety Related Electronic Control System SRECS signal cables for the individual channels must be routed separately from the other channels at all positions or sufficiently shielded e SRECS signal and electrical energy power cables must be separated at all positions or sufficiently shielded Cross connection between the channels of the subsystem must be prevented e Signal paths must be physically separated for example separation in wiring 62 Planning for installation Standard function and wiring examples Passive switch Examples Limit switch e Emergency stop button X113 X114 Physical separation of the different channels or appropriate TP 10 cable protection eg double 9 shielding 8 7 6 5 4 3 a Channel separation Diagnostic pulses Relay contactor output with feedback Safety relays must have positive driven contacts Contactors must have mechanically linked contacts Examples e Brake control e Door gate unlock X114 X113 N OBAO DIN 00 O AAA Diagnostic pulses Planning for installation 63 Active sensors input signals from solid state devices Examples PLC 24 V DC PNP Light curtain OSSD Physical separation of the different channels or appropr
58. cific safety calculator software Validation procedure WARNING Until all the safety functionality is validated the system must not be considered safe The acceptance test must be performed to each safety function 134 Verification and validation The acceptance test using the start up checklist described below see Validation checklist for start up must be performed e at initial start up of the safety function e after any changes related to the safety function wiring components settings etc e after any maintenance work related to the safety function The acceptance test should include at least the following steps having an acceptance test plan testing all commissioned functions for proper operation testing all used inputs for proper operation testing all used outputs for proper operation documenting all acceptance tests performed testing person signing and archiving the acceptance test report for further reference Validation checklist for start up Validation of the STO function Note The STO is the basic safety function and it has to be validated first The acceptance tests for the STO function of the drive are described in chapter Planning the electrical installation in the drive Hardware manual Validation of the other safety functions Once the system is fully configured and wired for the safety functions and the start up safety check has been done you must carry out the following func
59. d ramp 500 ms e maximum allowed ramp 1000 ms SARO Zero speed SARO min ramp time SARO max ramp to zero time to zero SARO ramp time to zero No Name Value Description Example value 200 Safety Safeyparametes 103 SARO ramp time Emergency ramp target time from the scaling speed to 800 ms Mo eseospeed AS 104 SARO min ramp Time to be subtracted from the target time to calculate the 500 ms P in 206 emergerey amp inna ime not mated o 105 SARO max ramp Time to be added to the target time to calculate the 1000 ms time to zero emergency ramp maximum time 106 SAR1 ramp time Stopping SLS ramp target time from the scaling speed to zero to the zero speed 107 SAR1 min ramp Time to be subtracted from the target time to calculate the time to zero Stopping SLS ramp minimum time 1 not monitored 108 SAR1 max ramp Time to be added to the target time to calculate the time to zero Stopping SLS ramp maximum time 124 Configuration Configuring SLS How to configure SLSn with time monitoring To configure the SLSn n 1 4 with time monitoring set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SLS function see page 55 Example The figure below and the Example value column in the table show an example of an SLS1 with time monitoring set up e SLS1 time monitored redundant activation button connected t
60. d to the SS1 primary input DI X113 1 amp X114 1 Redundant input X113 1 amp X114 1 Digital input connected to the SS1 secondary input Secondary input is mostly used for the cascade connection No input connected Method used for the SS1 monitoring Ramp monitoring Digital output indicating activity of the SS1 DO X114 9 Single output X114 9 8 112 Configuration Example No Name Value Description value 40 SS1 completed Digital output indicating completion of the SS1 Active None output when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Configuration 113 How to configure SS1 with speed limit activated SBC To configure the SS1 with speed limit activated SBC set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SS1 with speed limit activated SBC see page 49 Example The figure below and the Example value column in the table show an example of an SS1 with speed limit activated SBC set up e monitored ramp SAR1 see section How to configure SARn on page 123 redundant emergency button connected to input Single output connected Speed activated brake in use speed below which the brake is activated 180 0 rpm SS1 monitoring method Ramp Remember to configure SAR1 SS1 input A SS1 output DI X113 1 amp X114 1 DO X114 9 SS1 input B SS1 completed
61. delay so that the SBC is activated while the motor is still rotating as in the example above For configuration see section How to configure SBC after STO on page 105 in chapter Configuration 44 Implemented safety functions SBC before STO The target of the negative SBC delay is to have the mechanical brake closed just before or at the same moment as the STO is opened The operation of the SBC before the STO is described in the time diagram and table below Motor speed i M B STO time to zero speed A mu AA SBC delay lt 0 Inactive Active STO state indication SBC control Active NA STO completed indication MEE SBC delay Time from the STO activation to the moment when the mechanical brake is active on Value negative Time to zero speed Time from the STO activation to the moment when the acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed C STOrequest removal allowed shaded area The STO request can be removed after a minimum down time It must be removed before the acknowledgement is accepted SBC activated after the STO request has been received for example from the I O 2 Braking has ended and the motor is at a standstill EN STO activated after the SBC delay A has elapsed 3 4 After the time to zero speed B has elapsed the acknowledgement is possible as soon as the STO request
62. e Firmware manual 3 Perform the start up procedure according to chapter Start up on page 131 4 Perform the validation procedure for each safety function according to chapter Verification and validation on page 133 Note The STO is the basic safety function and it has to be validated first The acceptance tests for the STO function of the drive are described in chapter Planning the electrical installation in the drive Hardware manual 5 Update the HW and SW versions of the new drive to the logbook of the driven machine 150 Maintenance Factory reset Do a factory reset if you forget the password you want to do the configuration again from scratch Note The factory reset clears the configuration and takes the factory default values back in use These default values are not the same as the pre set values in a delivered FSO 11 and these default values are invalid for restart The FSO 11 needs a full reconfiguration before it can be restarted 1 Lift the Factory reset label to the right of the I O terminals and push the button underneath with for example a pen until the LEDs start to blink about 5 seconds This returns the factory settings parameters including the password to the FSO 11 2 Reconfigure the safety functions with the Drive composer pro PC tool Make sure that parameter 9 Restart delay after STO is set to a proper value 3 Specify a new password with the tool Update After any changes in the
63. e Warnings which are shown to the user even if there are faults Faults which stop the drive and are shown to the user Auxiliary code Faults warnings and events have 32 bit auxiliary codes which help in pinpointing the problem For the moment auxiliary codes are for ABB internal use only Faults and delayed faults All faults are sent to the drive as warnings and when the safe state is reached the general fault is sent General fault The FSO general fault stops the drive immediately Normally this fault is sent to the drive after one of the warnings below which are actually delayed faults Code Cause What to do hex 7A8B FSO general fault A general fault message See the warning log for more from the FSO 11 information Warnings delayed faults Code Cause What to do hex FSO internal fault Internal fault in the Replace the FSO 11 module Contact FSO 11 module your local ABB representative See the Aux code for more details for the moment for ABB internal use only A7D2 FSO IO fault Problems in the I O Check the FSO 11 1 O cabling See cabling the Aux code for more details for the moment for ABB internal use only A7D3 FSO STO fault Problems in the STO Check the FSO 11 STO cabling cabling or inside the drive A7D4 FSO STO FSO STO activated for See the Aux code for more details activation external request limit hit for the moment for ABB internal use or normal operation only
64. e in ACS880 drives see page 40 e Safe brake control SBC see page 42 e Safe stop 1 SS1 without encoder only see page 46 e Safe stop emergency SSE see page 50 e Safely limited speed SLS without encoder only see page 55 e Safe maximum speed SMS see page 57 Note The FSO 11 does not support encoder or safe fieldbus in safety applications Target audience The manual is intended for qualified persons who design the safety application plan the installation as well as install and commission the safety application Read the manual before starting work on the safety application The reader is expected to know the fundamentals of safety technology electricity wiring electrical components and electrical schematic symbols Purpose of the manual The manual explains how to install the FSO 11 safety functions module and configure and commission the supported safety functions It describes how to meet and maintain safety life cycle requirements of the FSO 11 to ensure required safety performance and specified safety integrity Drive specific technical configuration and installation details are found in the drive Hardware manual see List of related manuals on page 2 Introduction to the manual 15 Contents Chapter Safety page 11 explains the usage of warnings in this manual Chapter ntroduction to the manual this chapter page 13 states exclusion of liability and describes the applicability compatible products sup
65. e in the Document library contact your local ABB representative User s manual FSO 11 safety functions module O 2012 ABB Oy All Rights Reserved 3AUA0000097054 Rev B EN EFFECTIVE 2012 10 15 Table of contents 5 Table of contents List or related manuals sssaaa atika is ee eee RUE aa ace E a ace ee 2 1 Safety Contents or this Chaple 23 24 000 os emm da oy oe dl n eee eed et dob eoe wee eee dw 11 Use Ol WAEPDIPIOS s cerita te e ree o do cip Do al acto On kW es cias Se a kh lop ale 11 2 Introduction to the manual Contents or this Chaplel ss sredi sonda woes og ae om p Hee en ob io ox ee tm tos 13 EXCIUSION OF MWBblliDy esa ar acted gelo eene colebant aco ka Ea aca RAE cacas ASA dra 13 ADIGA ee PI rrrrT 13 Compatible DIOGHG BS saciar codi Das POSSE Ree oi pee hee 14 B oe oe eee ces aoe Oe a eee ne ad Sees Oe ee ee etree oes ke Ge eee oe oud 14 VOS Rm 14 Supported safety functions iss yx mk he a ceda 14 Ela c III 14 Purpose of the manual 32 69 rosada dare ed 14 COMENTES aos eras ao rod en pie Ba pat estira ee ee eee alee 15 Recommended reading arae ca aeg ec a code ca gr tace d fe p di Aa ek 16 Related standards and directives illii ees 16 Bu A 17 lin PEPPER 18 ei ETE TEE o TUO ea as T o eter earn nea eau s 19 eic A ae a eee eee eee we eee ee ee 19 ONG Aq rrr 19 eade d rcP rrrcvr
66. ediate increase of the risk s Stop category There are three categories of stop functions stop category 0 an uncontrolled stop where power to the machine actuators is removed immediately stop category 1 a controlled stop where the machine actuators have power for stopping after which the power is removed stop category 2 a controlled stop where the machine actuators continue to have power Category 0 and 1 definitions also apply to Emergency stop categories Validation Confirmation by for example analysis that the safety system meets the functional safety requirements of the specific application Verification Confirmation by for example testing that the safety system meets the requirements set by the specification Zero speed Speed below the value given with parameter 163 Zero speed without encoder on page 87 Terms The following terms are used in this manual as defined in the table below Term Definition active Load in systems where the motor C does not decrease when the motor load control is stopped Life time The period of time for which a device is designed to remain within it s specifications Safety function Function with a specified safety performance which is intended to maintain the safe condition of the installation or prevent hazardous conditions arising at the installation Example Safe torque off STO Safety module Part of a pies system paysia entity p
67. eed 1 SSE Safe stop emergency Speed related functions SLS Safely limited speed SMS Safe maximum speed SAR Safe acceleration range SAR is only used for deceleration with S81 SSE and SLS Technical data 155 Safety data General To determine the SIL PL capability of the whole safety function where FSO 11 is included the failure rates PFD PFH of all components implementing the safety function see the figure on page 155 must be added e FSO 11 module with its subsystems The FSO 11 acts as the logic part in the safety function Safety data for different subsystems are shown in section Basic safety data on page 156 Safety data for some typical configurations of these subsystems are pre calculated and shown in section Safety data for some typical configurations on page 157 Drive STO All safety functions implemented with the FSO 11 utilize the drive STO as the actuator For the safety data see the drive Hardware manual Sensors input devices and possible additional actuators For the safety data see the manufacturer s documentation FSO 11 Drive Switch y input e device magta input Los el Speed l Additional measure Digital actuator ment 1 output eg relay or cascaded L ESO11 The safety data of the FSO 11 and the drive is composed of the safety data of the subsystems used in the FSO 11 and the safety data of the drive STO Note 1 The Speed measurement subsy
68. eep pid UE ais is ere de 60 Power supply connection cables 0 0 0c ccc eee eee 61 Ensuring the EMC compatibility 0 20 0 2 eee 61 Selecting control CADISS ss aora doe re dC te esf ch iiec deci BP cire d ale dra hw Sos 61 Routing Mecables sumada CPP 61 Standard function and wiring examples oooocooococooa eee 62 Table of contents 7 7 Installation Contents of this chapter s 5d aram pata a bud don tete CRT dos See ena 4 ee dod 65 Mechanical installation cce ee eee eee 66 Electrical installation 2 uds 04 sobra bode ck deeds cach bbe oa E EUR twee ds a 67 Terminals s era este ade tados yu ce pen nice eee A de he caido ee 67 Connection DIOC ede cesa S er pP age awa ORE MORE REGUM eq e DRE AAA Ree 68 8 Installation checklists Contents of this chapte os sucer ei ral Some sca Re edd Rm y ls EL Rer we eee aes 71 egcedc cm CT rmrr MTTTMTSTT 71 E E checklist ic a d arcs wd ed bo eee eu d dA quei d ee rere a dove bud dud qa teo et 72 Common cause failure CCF checklists oooooooooocoooorm om 72 9 Configuration Contents of this chapter inodoros asada oda da eke env d qox dod 73 Pa OVO ee ree aE e me ahh bdo Sh ee a ode os Oe we a ae 73 COMIQUINE De ESOS asus etn a ros lord a ented io ae eds A ne ee 2g 73 90 11 parameters ei ici ion ni ee 76 Configuring general settings llle RR Inh 96 How to configure general settings
69. ees pe 190 saet memo 0 functions module drive and sensors Introduction to the manual 19 Abbreviations Safety related This manual uses abbreviations for safety levels as defined in the table below Abbreviation Reference Description LN gt ISO 13849 1 Number of cycles until 10 of the components fail dangerously for pneumatic and electromechanical components DC EN ISO 13849 1 Diagnostic coverage 96 O E 61508 Failure in time 1E 9 hours Expected failure rate of semiconductors and other electronic devices HFT o IEC 61508 Hardware fault tolerance MTTFg EN ISO 13849 1 Mean time to dangerous failure The total number of life units the number of dangerous undetected failures during a particular measurement interval under stated conditions P ENISO13MP1 Pefomaxelwline se Ecemos Sare taire taion se ECC ECU Other This manual uses other than safety related abbreviations as defined in the table below 20 Introduction to the manual Certificate TUV NORD certificate is attached below Certificate No SLA 0131 2009 Ver 1 0 T V NORD Systems GmbH amp Co KG hereby certifies ABB Oy Hiomotie 13 FI 00381 Helsinki Finland that the safety functions module FSO 11 as a plug in module for the ABB industrial drive ACS880 series is developed according to the following standards EC 61508 part 1 part 2 part 3 2010 capable up to SIL 3 IEC 61800 5 2 20
70. epeat the test procedure for the reverse direction Verification and validation 137 Validation of the SSE and SS1 functions with ramp monitoring Follow the steps below to validate the SSE and SS1 functions with ramp monitoring each function separately 1 10 Check the SSE SS1 input connections from the field equipment to the FSO 11 against the circuit diagrams Ensure that parameter SSE monitoring method is set to Ramp parameter SS1 monitoring method is set to Ramp See section How to configure SSE with ramp monitoring on page 119 How to configure SS1 with ramp monitoring on page 111 Check that the SARO SAR1 ramp times are set properly See section How to configure SARn on page 123 Start the drive and check that the motor can run at the maximum speed Activate the SSE SS1 circuit for example disconnect the signal from the field device to the FSO 11 input Check that the speed ramps down properly and the SARO SAR1 monitoring is set correctly If the SBC is in use check that the SBC is activated below the speed defined by parameter SSE SS1 SBC speed SSE SS1 SBC speed Check that the STO is activated Set an acknowledgement for example with the control panel restart the drive and check that the motor runs normally If the motor can rotate in the reverse direction repeat the test procedure for the reverse direction 138 Verification and validation Validation of the SLS function with t
71. erations and information to be taken into account when applying the FSO 11 safety functions WARNING The FSO 11 safety functions module is delivered with the safety functions bypassed by jumper wires in connectors X 113 and X 114 to allow initial drive commissioning without the need to configure safety functions first The safety system must always be properly commissioned and verified validated before it can be considered safe Meeting the requirements of the Machinery Directive In order to fulfill the requirements of the Machine directive the requirements in the applicable standards must be met and the FSO 11 must be used according to all instructions provided in this manual Implementing safety functions requires following a process which is introduced for example in Functional safety Technical guide No 10 34UA0000048753 English The process includes a risk assessment and residual risks as well as any foreseeable misuse must be documented in the user instructions of the machinery Responsibilities It is the responsibility of the machine builder OEM system integrator to ensure that the essential health and safety requirements specified in the Machinery Directive are met 22 Safety information and considerations If you detect any failure in safety functions contact your local ABB representative Safety considerations Note After you initially start up the FSO 11 and also after you later modify any application p
72. et to use automatic acknowledgement The master may have an acknowledgement button and the acknowledgement always starts from the master Up to two safety functions may be cascaded but it is highly recommended that one of them is either SSE or STO If an FSO 11 activates STO for any reason also the cascaded SSE output is triggered 40 Implemented safety functions Safe torque off STO STO base function The STO brings the machine safely into a no torque state and or prevents it from starting accidentally For more information on the STO base function in ACS880 drives see the drive Firmware manual The operation of the STO function is described in the time diagram and table below Motor A STO time to zero speed speed w Time D 2 4 sTO request Active active STO state pt STO state indication STO completed CC IL co eee Time to zero speed Time from the STO activation to the moment when the acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed STO request removal allowed shaded area The STO request must be active for at least 10 ms The STO request must be removed before the acknowledgement is accepted STO activated after the STO request has been received for example from the I O Acknowledgement is not allowed before the motor is presumably stopped 3 After the time to zero speed A has elap
73. f this manual recommended reading as well as related standards and directives and explains used definitions terms and abbreviations The safety certificate is included at the end of the chapter Exclusion of liability This manual is an informative aid only It contains information needed to use the FSO 11 safety functions module when implementing safety systems The information and examples given are for general use only They do not describe all the necessary details for implementing a safety system The manufacturer of the machinery always remains ultimately responsible for the product safety and compliance with applicable laws ABB does not accept any liability for direct or indirect injury or damage caused by the information contained in this document ABB hereby disclaims all liabilities that may result from this document The FSO 11 module must not be opened otherwise the safety classification will become invalid and the warranty cease to be in effect Applicability This manual applies to the FSO 11 safety functions module firmware version 1 0 and later until the next revision of the manual is published 14 Introduction to the manual Compatible products Drives e ACS880 series Tools Drive composer pro PC tool Supported safety functions This manual provides instructions for creating the following safety functions according to EN 61800 5 2 2007 for the ACS880 drives e Safe torque off STO standard featur
74. fter the request Common for all ramps SARn n 0 1 Parameter 127 SAR initial allowed range Note Maximum allowed time for a ramp is ten minutes from 1500 rpm to the zero speed 36 Implemented safety functions Function indication The logic state of the output indication can be configured to be active low or active high STO SS1 SSE States of the configured and connected functions are indicated with FSO 11 digital outputs when the function is started e Stopping functions are always started immediately first they monitor the time then possibly the ramp e STO is indicated right away when the request is active requested from input or by diagnostics e Ramp monitoring SARO and SAR1 see section Configuring SAR on page 123 is not indicated Digital output indication is removed when the function is completed e SSE and SS1 are completed when the STO is acknowledged Stopping indication is activated when the stopping function has completed but is not yet acknowledged There are separate indications for each stopping function STO SSE and SS1 parameters 21 STO completed output 31 SSE completed output and 40 SS1 completed output and one common for all of them parameter 6 Stop completed output SLS e SLS indication starts when the speed is in the monitored range and indication is removed when the function is completed or the monitored speed limit is exceeded this also causes the SLS to trip that is SSE is
75. has been removed After the acknowledgement manual or automatic the STO and SBC are deactivated and the control is given back to the drive which controls the brake from now on Note Logic states of the STO state indication and STO completed indication signals outputs are configurable Implemented safety functions 45 Note STO activation also activates the SSE state indication signal output if the SSE is cascaded See Safe stop emergency SSE on page 50 and Cascade on page 38 For configuration see section How to configure SBC before STO on page 107 in chapter Configuration 46 Implemented safety functions Safe stop 1 SS1 The SS1 stops the motor safely initiating the STO function below a specified speed or after a specified time limit SS1 with time monitoring Motor speed SS1 delay for STO e fo E Inactive Active STO state NA STO state indication D e e e a oh ee s SS1 state indication A SS1 completed indication E a SS1 delay for STO Time after which the STO is activated regardless of the speed Time to zero speed Time from the STO activation to the moment when acknowledgment becomes allowed Configured to the estimated time in which the motor coasts to a stop from the maximum speed Relevant only if 3b occurs Zero speed Speed limit for activating the STO ul SS1 request removal allowed shaded area The SS1 request can be removed after a
76. iate cable protection eg double shielding X113 X114 Diagnostic pulses from an active sensor must not be CH 224 V DC overlapping PNP PpIng CH 1 outputs COM GND Channel separation Outputs to solid state devices Example PLC 24 V DC NPN Physical separation of different the channels or appropriate cable protection eg double X113 X114 shielding Channel separation TP 10 9 CH 1 24V DC DO 8 NN M od NPN 7 CH 2 inputs GND E E COM GND e GND DI 5 1 p Diagnostic pulses 64 Planning for installation Cascade Example X114 X113 E stop button Physical separation of the different X114 X113 channels or appropriate cable protection eg double shielding 1 2 ol 3 4 5 gt GND 7 8 DO 9 10 TP Common GND X114 X113 1 2 3 DI 4 5 6 GND 7 8 DO 9 10 TP Channel separation E Common Diagnostic pulses GND Module 1 cascade master Module 2 Module 3 Installation 65 Installation Contents of this chapter This chapter gives examples of how to connect the FSO 11 module to the ACS880 iN WARNING The supply voltage for FSO 11 is 24 V DC If the FSO 11 is supplied with a higher voltage for example 230 V or 11
77. ime monitoring Follow the steps below to validate the SLS function with time monitoring 1 12 13 Check the SLS1 input connections from the field equipment to the FSO 11 against the circuit diagrams If the cascade connection is used check the cascade connections and this checklist in all cascaded drives Ensure that parameter SLS7 limit positive is set properly and parameter SL S1 limit negative is set to zero see section How to configure SLSn with time monitoring on page 124 Set parameters SLS7 trip limit positive and SLS7 trip limit negative to the correct values less than the speed defined by parameter SMS limit positive and more positive than the speed defined by parameter SMS limit negative Set parameter SLS time delay to the correct value Select the correct SLS acknowledgement method parameter SLS acknowledgement Start the drive and check that the motor can run at a higher speed than the speed defined by parameter SLS7 limit positive Activate the SLS1 monitoring for example disconnect the signal from the field device to the FSO 11 input Check that the speed ramps to below the speed defined by parameter SLS7 limit positive before SLS time delay has elapsed If needed according to the risk assessment test the application so that the SLS1 ramp monitoring trips the drive and other cascaded drives that is ramp down by SSE Only the SLS1 can be cascaded If the SBC is in use check that the SBC
78. ining navigate to www abb com drives and select Training courses Providing feedback on ABB Drives manuals Your comments on our manuals are welcome Go to www abb com drives and select Document Library Manuals feedback form LV AC drives Document library on the Internet You can find manuals and other product documents in PDF format on the Internet Go to www abb com drives and select Document Library You can browse the library or enter selection criteria for example a document code in the search field Contact us www abb com drives www abb com windpower www abb com drivespartners 3AUA0000097054 Rev B EN EFFECTIVE 2012 10 15 Power and productivity Ah Hp HD P IP ED for a better world
79. ip limit The drive starts to ramp down If ramp monitoring were in use the SAR1 ramp would be used from here until the speed would go below the SLS upper trip limit If time monitoring were in use the ramp defined by the drive parameters would be used from here until the speed would go below the SLS upper trip limit Speed is below the SLS upper trip limit and the monitoring of the SLS is started 4 The FSO 11 would start the SLS monitoring at the latest here that is after the SLS time delay has elapsed SLS request is removed but the monitoring is still on SLS is acknowledged manually or automatically and the monitoring is ended When the SLS is removed the drive continues with the previously set speed Note Logic state of the SLS state indication signal output is configurable Note If the SLS monitoring must be activated immediately regardless of the current speed time monitoring with zero time must be used instead of ramp monitoring For configuration see section Configuring SLS on page 124 in chapter Configuration Implemented safety functions 57 Safe maximum speed SMS SMS is used to protect the machine from too high speeds frequencies It can only be configured to be on or off The upper and lower limits can be configured separately If the speed should reach the maximum limit the SSE would be activated Motor speed ID Description amp O SMS maximum speed Bo SMS mi
80. ith ramp monitoring on page 119 in chapter Configuration SSE with speed limit activated SBC Motor speed Active Inactive STO state STO state indication SBC control l SSE state SSE state indication L 1 SSE completed indication 1D Description O SBC speed Speed below which the brake is activated while ramping EN Zero speed Speed limit for activating the STO SSE request removal allowed shaded area The SSE request can be removed after a minimum down time It must be removed before the acknowledgement is accepted SSE is requested for example from the I O Ramping down with SARO monitoring is started 3 Speed is below the SBC speed the SAR monitoring is stopped and the brake is activated 4 STOisac vatedafterthebrakeactivaion STO is activated after the brake activation 5 After the acknowledgement manual or automatic the STO and the brake are deactivated and the control is given back to the drive Note Logic states of the STO state indication signal SSE state indication and SSE completed indication signals output are configurable For configuration see section How to configure SSE with speed limit activated SBC on page 121 in chapter Configuration Implemented safety functions 55 Safely limited speed SLS The SLS prevents the motor from exceeding the specified speed limit SLS with speed below monitored
81. its ground has to be in the same potential as the drive ground Appropriate supply input power fuses are installed Signal wiring between the drive and the module is routed separately from the power supply wiring and high power cables drive supply and motor cabling Signal wiring is appropriately clamped marked and protected Common cause failure CCF checklists Check measures against common cause failures CCF There is one checklist in EN ISO 13849 1 and another in EN 62061 The checklists are useful for both the planning of the installation and the actual installation Configuration 73 Configuration Contents of this chapter This chapter describes the password usage outlines the configuration process lists the FSO 11 parameters and gives examples of how to configure the FSO 11 to implement each safety function as described in chapter mplemented safety functions on page 33 Password Note You need a password to be able to copy the configuration to the FSO 11 The configuration is protected with a password You need a password to be able to upload the parameters from the drive to the FSO 11 and download the modified parameters from your PC to the FSO 11 The password is set to 12345678 at the factory The password must contain 4 8 digits When you change it do not forget the new password otherwise you have to do a factory reset to the FSO 11 which clears the configuration and resets the parameters t
82. l output indicating completion of the SSE Active None output when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active 7 35 SS1 input A Digital input connected to the SS1 primary input None DI X113 1 8 X114 1 Redundant input X113 1 amp X114 1 7 DI X113 2 amp X114 2 Redundant input X113 2 amp X114 2 Configuration 81 No Name Value Description Default sel value IEC TE Do 36 SS1 input B Digital input connected to the SS1 secondary input Secondary input is mostly used for the cascade connection See parameters 188 Cascade A and 189 Cascade B None No input connected No input connected Dixns2 Smdeiwuxna2 CN onsa SmdempuxHa4 CN oma snema CN 37 SS1 monitoring Method used for the SS1 monitoring Ramp method 38 SS1 delay for STO Time delay after which the STO is executed if time monitoring used See parameter 37 SS1 monitoring method 7 DO X114 8 Single output X114 8 DO X114 9 Single output X114 9 82 Configuration No Name Value Description Default sel value 40 SS1 completed Digital output indicating completion of the SS1 Active None output when the speed is below the speed defined by parameter 763 Zero speed without encoder and the STO is active Wwe _ Nooutputconnested A DoXis8 SmieoupixHa8 b DoXi4s Singe oupa xmas b DoXi49 Singe oupa xmas po 60 SLS1
83. monitoring 2000 ms is used 83 SLS1 output A Digital output connected to the SLS1 primary output DO X114 7 DO X114 7 Single output X114 7 7 84 SLS1 output B Digital output connected to the SLS1 secondary output None Secondary output is mostly used for cascade connection None No output connected o 88 SLS SLS acknowledgement method Automatic acknowledgeme nt Automatic Automatic acknowledgement after the removal of 1 requests For SLSn n 2 4 instead of SLS1 parameters configure the corresponding SLSn parameters listed in the table below as appropriate The Example value column shows the parameter default values Example value 200 Safety Safety parameters ID 62 SLS2 input Digital input connected to the SLS with limits 2 None No input connected o No Name Value Description 63 SLS3 input Digital input connected to the SLS with limits 3 None No input connected o 64 SLS4 input Digital input connected to the SLS with limits 4 None Noinputconnecedd o i 126 Configuration No Name Value Description Example value 69 SLS2 trip limit SLS2 negative speed limit tripping the drive 450 0 rom negative 70 SLS2 trip limit SLS2 positive speed limit tripping the drive 450 0 rpm positive 71 SLS2 limit SLS2 negative speed limit for the drive 400 0 rpm negative 72 SLS2 limit SLS2 positive speed limit for the drive 400 0 rpm positive 73 SLSS3 trip limit SLS3 negative speed limit tripping the drive 650 0
84. mples of how to configure the FSO 11 to implement each safety function as described in chapter Implemented safety functions Chapter Start up page 131 describes the general precautions to be taken before starting up the safety system for the first time Chapter Verification and validation page 133 describes verification and validation of the implemented safety functionality Chapter Fault tracing page 143 describes the status LEDs and provides generic diagnostics and troubleshooting tips for FSO 11 related faults generated by the drive Chapter Maintenance page 147 explains replacement of the FSO 11 module in case of a module failure reinstalling the FSO 11 module to another drive updating the firmware of the drive where the FSO 11 is installed factory reset FSO 11 update and decommissioning as well as proof tests 16 Introduction to the manual Chapter Technical data page 151 contains the technical specifications of the FSO 11 for example electrical data sizes and safety data Chapter Dimension drawings page 159 shows dimension drawings of the FSO 11 module Recommended reading This manual is based on the following standards It is recommend that one is familiar with these standards before implementing safety related systems EN 61800 5 2 2007 Adjustable speed electrical power drive systems Part 5 2 Safety requirements Functional Includes safety function definitions ENISO 13849 1 2008 Safety of
85. nce test reports Signed acceptance test reports must be stored in the logbook of the machine The report must include documentation of the start up activities and test results references to the failure reports and resolution of failures Any new acceptance test performed due to changes or maintenance must also be logged in the logbook Verification and validation 141 Note It is always the responsibility of the machine builder to ensure that the functionality of all the required safety functions has been appropriately verified and validated WARNING Until all the safety functionality is verified and working properly the system must not be considered safe Proof test intervals during operation Proof tests are intended to ensure that the safety integrity of a safety system is maintained continuously and does not deteriorate over time Proof tests are often required for mechanical brakes for example Proof tests are used mainly for parts of the system that cannot be automatically diagnosed The proof test interval is the interval between two proof tests When the proof test interval has elapsed the safety system has to be tested and restored to an as new condition The proof test must also be part of the regular maintenance plan For some of the components electronics the proof test interval is the same as the expected life time of the system A specific safety calculator software can assist in determining the requirements fo
86. nected to the SSE secondary input Secondary input is mostly used for the cascade connection 27 SSE function Function activated by the SSE Emergency Emergency ramp SSE activates the SS1 with emergency ramp 28 SSE monitoring Method used for the SSE monitoring method 120 Configuration No Name Value Description Example value 30 SSE output Digital output indicating activity of the SSE DO X113 9 DO X113 9 Single output X113 9 6 o 31 SSE completed Digital output indicating completion of the SSE Active when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Configuration 121 How to configure SSE with speed limit activated SBC To configure the SSE with speed limit activated SBC set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SSE with speed limit activated SBC see page 54 Example The figure below and the Example value column in the table show an example of an SSE with speed limit activated SBC set up e monitored ramp SARO see section How to configure SARn on page 123 e redundant emergency button connected to input Single output connected Speed activated brake in use speed below which the brake is activated is 240 0 rpm SSE function Emergency ramp SSE input A SSE monitoring method Ramp SSE output DI X113 1 amp X114 1 Remember to configure SAR
87. ng in the STO faults generating the STO are always faults 168 STO indication Type of the generated event for the STO or SSE caused Fault safety limit by a safety function limit hit faults generating the STO are always faults C Fan Fil generated 98 Configuration Configuring I O How to configure I O To configure the I O set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool The location of the input and output terminals on the FSO 11 module is shown in section Layout on page 29 Configuration 99 Example The figure below and the Example value column in the table show an example l O set up e All inputs use diagnostic pulses with 1 ms width and 30 s period one redundant cascaded connection from input 1 to output 7 one safety relay always redundant connected to output 8 with feedback connected to input 3 All outputs except X114 9 have active low logic state and diagnostic pulsing on Pulse width 1 ms and period 59 s Output X114 9 has active high logic state and no diagnostics pulses can be used gt l X113 4 DI X113 1 diag DO X113 7 logic uu on off On LiCascads B Nons M state ous low X113 2 D 2 dia DO X113 7 diag i l pulse on off On pulse on of On X113 3 a pulse on off On E op goes pulse DO X 1 1 be 8 n xad DIX113 4 diag gn RUE EU ETE pulse on off On DO diagnostic pulse DO X113 8 diag
88. ng the Drive composer pro PC tool For more information on the SS1 with time monitoring see page 46 Example The figure below and the Example value column in the table show an e xample of an SS1 with time monitoring set up SS1 with time monitored ramp redundant emergency button connected to input delay for activating STO 2000 ms single output connected speed activated brake not in use monitored ramp SARO SS1 monitoring method Time SS1 input A SS1 output DI X113 1 amp X114 1 Speed SS1 delay for STO DO X114 9 Ss SS1 input B SS1 completed None output SSE SS1 SBC speed Zero speed No Name Value Description Example value 00 Safety Safety parameters REN 15 SSE SS1 SBC Absolute speed below which the brake is activated while 0 0 rpm speed ramping If the value is 0 0 rpm this feature is not in use 35 SS1 input A Digital input connected to the SS1 primary input DI X113 1 amp X114 1 DI X113 1 amp Redundant input X113 1 amp X114 1 1 X114 1 36 SS1 input B Digital input connected to the SS1 secondary input Secondary input is mostly used for the cascade connection None No input connected 37 SS1 monitoring Method used for the SS1 monitoring method 110 Configuration No Name Value Description Example value 38 SS1 delay for Time delay after which the STO is executed if time 2000 ms STO monitoring used 39 SS1 output Digital output indicating activity of the SS1 DO X114
89. nimum down time It must be removed before the acknowledgement is accepted UN Safety function response time SS1 is requested for example from the I O 2 After the safety function response time ramping down with SARO SAR1 monitoring is started Speed is below the SBC speed the SAR monitoring is stopped and the brake is activated pp O STO is activated after brake activation is activated after brake activation After acknowledgement manual or automatic the STO and the brake are deactivated and the control is given back to the drive which is allowed to modulate again Note Logic states of the STO state indication SS1 state indication and SS1 completed indication signals output are configurable For configuration see section How to configure SS1 with speed limit activated SBC on page 113 in chapter Configuration 50 Implemented safety functions Safe stop emergency SSE The SSE can be configured to execute either the STO or the SS1 with emergency ramp The behavior of the SSE with STO is identical to the pure STO except that different timing parameters are used The behavior of the SSE with SS1 with emergency ramp is identical to the SS1 with ramp monitoring For configuration see section How to configure SSE on page 115 in chapter Configuration The operation of the SSE function with STO is described in the time diagram and table below Motor A SSE time to zero speed with STO speed gt H
90. nimum speed For configuration see section Configuring SMS on page 130 in chapter Configuration 58 Implemented safety functions Planning for installation 59 Planning for installation Contents of this chapter This chapter gives instructions and references to instructions in other manuals for planning the safety system installation as well as the requirements for installation in the applicable safety standards Requirements for designers and installers Designers and installers must be trained to understand the requirements and principles of designing and installing safety related systems Designers and maintainers must be trained to understand the causes and consequences of Common Cause Failures CCF See the checklist for the appropriate standard in section Common cause failure CCF checklists on page 72 Mechanical installation Installation site The subsystem elements must always be likely to operate within the range of temperature humidity corrosion dust vibration etc over which it has been tested without the use of external environmental control The FSO 11 module must only be used in an environment where no conductive dust or contaminants are present One way to ensure proper protection against contamination is to use the FSO 11 in at least an IP 54 enclosure For further information on environmental limits of the FSO 11 see chapter Planning the mechanical installation in the drive Hardware manual
91. nnel 2 digital input 2 3 Di Channel 2 digital input3 4 Di Channel 2 digital input 4 6 GND Signal ground 7 DO Channe 2 digital output 8 DO Channel 2 digital output2 9 DO Channe2 digital output 3 6 EN Es 10 68 Installation Connection procedure Depending on the type of the drive the location of the module may be for example one of the following shown in the figures below 1 Ensure that the FSO 11 electronics grounding screw is properly tightened 2 Ensure that the FSO 11 enclosure grounding screw is properly tightened X1114 93 2 1 sTO X112 2 1 Power lt E x EY z a e FSO 11 ABI P a x Safety functions module 4 d POWER S RUN S STATUS FAULT 2 3 E o STO a E 5 J e 2 gt a a n gt L DI GND DO D S 22 E O 1 e e e e lt WS zb e e e ee wa ox 0000 IRAN A ISEE EET A AE a e o cE e al XL x X S E Q I ve S J 0 0 a c i Oe a ad ad 3 S 50 STAT 8 9 9 al e PE TATUSI FAUT 8 7 cos E 0 zl E gt 5e E S z ee ENE BM i 6 24 ja gt F W AER to a 2 DI 3ND DO TP al O E u 2 z gt 1 F 0 0 0 010 0 0 0 0 0 x 5 s Ys 33 20 ma al 1 e e e e 9 0 0 oce mii BLOG e als vo Ollx 00089 Installation 69 4 Connect the supplied four wire cable to the FSO 11 terminal X111 and plug the other end of the cable to the
92. no outputs connected e STO related features configured in STO function Parameter SSE time to zero speed with STO must be configured to be the estimated time in which the motor coasts to a stop from the maximum speed SSE function Immediate STO Speed SSE time to zero SSE input A speed with STO SSE output DI X113 1 amp X114 1 None SSE input B SSE completed None output No Name Value Description Example value 200 Safety Safety parameters EA 24 SSE time to zero Time in which the acknowledgement is allowed after the 5000 ms speed with STO SSE when the SSE activates the STO parameter 27 SSE function Immediate STO 25 SSE input A Digital input connected to the SSE primary input DI X113 1 amp X114 1 DI X113 1 amp Redundant input X113 1 amp X114 1 1 X114 1 26 SSE input B Digital input connected to the SSE secondary input Secondary input is mostly used for the cascade connection 27 SSE function Function activated by the SSE STO Immediate STO SSE activates the STO immediately 8 c 116 Configuration No Name Value Description Example value 30 SSE output Digital output indicating activity of the SSE None No output connected o 31 SSE completed Digital output indicating completion of the SSE Active when the speed is below the speed defined by parameter 163 Zero speed without encoder and the STO is active Configuration 117 How to configure SSE with time monitoring To
93. o input Single output connected SLS activation delay 2000 ms positive limits target 1200 0 rpm trip limit 1320 0 rpm negative limits target 900 0 rpm trip limit 1020 0 rpm e automatic acknowledgement SLS acknowledgement SLS activation monitoring method Time SLS1 input A SLS1 output A DI X113 2 amp X114 2 Speed SLS time delay DO X114 7 SLS1 input B SLS1 output B None M Zero speed SL 51 trig limit negative No Name Value Description Example 200 Safety Safety parameters 60 SLS7 input A Digital input connected to the SLS with limits 1 primary D X113 2 mE input X114 2 No Name Value DI X113 2 8 X114 2 61 SLS7 input B None 65 SLS1 trip limit negative 66 SLS7 trip limit positive Configuration 125 Example value Redundant input X113 2 amp X114 2 Digital input connected to the SLS with limits 1 secondary input Secondary input is mostly used for cascade connection only SLS1 can be cascaded No input connected SLS1 negative speed limit tripping the drive 1020 0 rpm SLS1 positive speed limit tripping the drive 1320 0 rpm Description 67 SLS1 limit negative 68 SLS1 limit SLS1 positive speed limit for the drive 1200 0 rpm positive SLS1 negative speed limit for the drive 900 0 rpm 81 SLS activation monitoring Method of SLS activation monitoring Time method 82 SLS time delay Delay for starting speed monitoring when time
94. o the factory defaults The password is reset to the default 12345678 Factory defaults are not a valid configuration so you have to reconfigure the FSO 11 or download the configuration to the FSO 11 Configuring the FSO 11 The FSO 11 parameters are set with the Drive composer pro PC tool The names of the FSO 11 parameters and parameter settings are shown in the manual as they appear on the screen when using the tool See the Drive composer PC tool user s manual 3AUA0000094606 English for instructions on using the tool Note Only trained persons are allowed to configure safety functions 4 Configuration Note Configuration is only possible when the motor is stopped and the drive is not modulating Note After you initially start up the FSO 11 and also after you later modify any application parameters or the configuration you must check the safety of the entire system by doing a verification according to the system safety verification plan and by doing a validation of the correct operation of the safety application See Verification and validation on page 133 When configuring the FSO 11 follow the steps shown in the diagram below Configuration 1 Plan configuration 2 Configure 3 Print sign and file the configuration report 1 Plan the configuration parameter values according to the safety system installation wiring etc 2 Setthe parameter values in the Drive composer pro PC tool a Start the drive and
95. oad to FSO and validate Password is required f After downloading the FSO 11 and the tool validate the configuration and the tool asks you to confirm the validation g The tool then automatically reboots the drive to take the changes in use If necessary change the password to protect the settings button Change password Password is required Note The motor must be stopped if you change the password 3 After validation print the report from the configuration including all the values of the parameters and CRC Sign and file the report according to your safety management plan Note If you want to clear the configuration and start configuration again from the factory setup do a factory reset See section Drive firmware update on page 149 6 Configuration FSO 11 parameters The following table lists the FSO 11 parameters The parameter row shows parameter number name description and default value The subsequent rows show the parameter value range or names descriptions and numerical values of the selectable named alternatives For additional information on parameters and their settings see the drive Firmware manual Note When the encoderless mode is used the unit of the speed parameters is rpm Note When the FSO 11 is connected to the drive you must set drive parameter 31 22 STO indication run stop to value 3 4 or 5 This setting prevents the drive from making a fault every time the FSO 11 opens the STO The
96. omposer pro PC tool Example The figure below and the Example value column in the table show an example I O set up Acknowledgement button is connected to input X114 4 After power up the acknowledgement can only be performed manually Motor nominal frequency 50 00 Hz Motor nominal speed 1360 0 rpm Zero speed 90 0 rpm External requests ending in the STO are reported to the drive as events Other safety function limit hits are reported as faults Acknowledgement Power up button input acknowledgement Motor nominal frequency STO indication ext request r 4 50 00 Hz Event Drive Motor nominal speed mM o event 1360 0 rpm STO indication safety limit system Fault Zero speed without encoder 90 0 rpm No Name Value Description Example value 200 Safety Safety parameters BEEN 161 Power up Power up acknowledgement method Manual acknowledgeme nt Manual acknowledgement after the removal of requests 8 162 Acknowledgeme Digital input connected to the button for acknowledging D X114 4 nt button input operations 163 Zero speed General zero speed limit for safety functions when no 90 0 rpm nlf ercoder sateyencndermna en ROT spee Configuration 97 No Name Value Description Example value 166 Motor nominal Defines the nominal motor frequency 50 00 Hz frequency 167 STO indication Type of the generated event for an external request ext request STO SSE or SS1 endi
97. onfigured as an event safety function limit hit from the SLS if configured as an event For other fault and alarm messages generated by the drive see chapter Fault tracing in the drive Firmware manual For factory reset see section FSO 11 module failure on page 147 Maintenance 147 Maintenance Contents of this chapter This chapter explains replacement of the FSO 11 module in case of a module failure reinstalling the FSO 11 module to another drive updating the firmware of the drive where the FSO 11 is installed factory reset FSO 11 update and decommissioning as well as proof tests WARNING Read and follow the instructions in chapter Safety instructions in the drive Hardware manual gnoring the instructions can cause physical injury or death or damage to the equipment FSO 11 module failure If the FSO 11 module fails to operate you have to replace it with a new one the module is not repairable Replacing the FSO 11 module 1 Stop the driven machinery and prevent an unexpected start up 2 Upload the FSO 11 parameters from the FSO 11 to the Drive composer pro PC tool Disconnect the supply with the supply disconnecting device Disconnect the auxiliary voltage supply to the FSO 11 Remove the wiring and the FSO 11 module Mark clearly on the FSO 11 module that it is decommissioned c2 2 x Install the new FSO 11 module and wiring according to chapter nstallation on 148 Maintenance page 65
98. owledgement Start the drive and check that the motor can run at a higher speed than the speed defined by parameter SLS7 limit positive Activate the SLS1 monitoring for example disconnect the signal from the field device to the FSO 11 input Check that the speed ramps to below the speed defined by parameter SLS7 limit positive conform to the allowed rate between SARO min ramp time to zero and SARO max ramp time to zero see section How to configure SARn on page 123 If needed according to the risk assessment test the application so that the SLS1 time monitoring trips the drive and other cascaded drives that is ramp down by SSE Only the SLS1 can be cascaded If the SBC is in use check that the SBC is activated below the speed defined by parameter SSE SS1 SBC speed Check that the STO is activated Set an acknowledgement for example with the control panel if the automatic acknowledgement is not in use restart the drive and check that the motor runs normally If the motor can rotate in the reverse direction repeat the test procedure for the reverse direction Repeat the test with the other used SLS functions only the SLS1 can be cascaded 140 Verification and validation Validation of the SMS function Follow the steps below to validate the SMS function 1 Ensure that the SMS is activated see section How to configure SMS on page 130 2 Set parameter SMS limit positive to half of the value to be used in the
99. ported safety functions target audience and purpose of the manual It also lists contents of this manual recommended reading as well as related standards and directives and explains used definitions terms and abbreviations The safety certificate is included at the end of the chapter Chapter Safety information and considerations page 21 contains general safety considerations and information to be taken into account when applying the FSO 11 safety functions Chapter Overview page 27 briefly describes the FSO 11 with safety system components as well as the FSO 11 layout connections type designation label and operational characteristics Chapter mplemented safety functions page 33 describes how the safety functions are implemented with the drive and how they operate Chapter Planning for installation page 59 gives instructions and references to instructions in other manuals for planning the safety system installation as well as the requirements for installation in the applicable safety standards Chapter Installation page 65 gives examples of how to connect the FSO 11 module to the ACS880 Chapter nstallation checklists page 71 contains a checklist for checking the mechanical and electrical installation of the FSO 11 module and refers to common cause failure checklists in standards Chapter Configuration page 73 describes the password usage outlines the configuration process lists the FSO 11 parameters and gives exa
100. r the proof tests Residual risks The safety functions are used to reduce the recognized hazardous conditions In spite of this it is not always possible to eliminate all potential hazards Therefore the warnings for the residual risks must be given to the operators 142 Verification and validation Fault tracing 143 Fault tracing Contents of this chapter This chapter describes the status LEDs and provides generic diagnostics and troubleshooting tips for FSO 11 related faults generated by the drive Status LEDs The status LEDs are situated on the front of the FSO 11 module The table below describes the status LED indications LED off LED lit and steady LED blinking POWER No power Green Power to the FSO 11 is on FSO 11 is in FSO 11 is in the FSO 11 is in the the Fault Operational or Configuration or state or Safe Safe state Start up state state STO activated STATUS FAULT The drive is in A safety function Green Request for a safety normal is active function has ended operation but it has not been without active acknowledged safety functions and no faults A fault or FSO 11 is in the Configuration state RUN LED is blinking The STO The STO circuit circuit is is open closed and the drive is in operation 144 Fault tracing FSO 11 related faults warnings and events The FSO 11 generates three types of events Pure events which are just informative data
101. ription Default sel value Doxiss SmdeowpuXi39 b DoXH48 SmdeoupuXi48 CA Doxi4s SmdeowpuXi49 CA Noe JNooWpicomedei D DoXis9 SmdeowpuXi39 b DOXH48 SmdeoupuXi48 p Doxi4s SmdeowpuXi49 CA Noe JNooWpicomeded p DoXis9 SmdeowpuXis9 CA DOXH48 SmdeoupuXi48 CA Doxi4S SmdeowpuXi49 p acknowledgement Manual Manual acknowledgement after the removal of requests Automatic Automatic acknowledgement after the removal of 1 O mace Deacivates the SMS O 30X00 00mm Weed Configuration 87 No Name Value Description Default sel value 0 0 30000 0 rem Speed 103 SARO ramp time to Emergency ramp target time from the scaling speed 1000 ms Zero to the zero speed 1 180000 ms me 104 SARO min ramp time Time to be subtracted from the target time to calculate 500 ms to zero the emergency ramp minimum time 1 not monitored 1 10 000 ms Time 105 SARO max ramp Time to be added to the target time to calculate the 500 ms time to zero emergency ramp maximum time 3 10000 ms 106 SAR1 ramp time to Stopping SLS ramp target time from the scaling 2000 ms Zero speed to the zero speed 11 800 000 ms 107 SAR1 min ramp time Time to be subtracted from the target time to calculate 500 ms to zero the Stopping SLS ramp minimum time 1 not monitored 110 000 ms 108 SAR1 max ramp Time to
102. rpm negative 74 SLSS3 trip limit SLS3 positive speed limit tripping the drive 650 0 rpm positive 75 SLS3 limit SLS3 negative speed limit for the drive 600 0 rpm negative 76 SLS3 limit SLS3 positive speed limit for the drive 600 0 rpm positive 77 SLS4 trip limit SLS4 negative speed limit tripping the drive 1050 0 rpm negative 78 SLSA trip limit SLS4 positive speed limit tripping the drive 1050 0 rpm positive 79 SLS4 limit SLS4 negative speed limit for the drive 1000 0 rpm negative 80 SLS4 limit SLS4 positive speed limit for the drive 1000 0 rpm positive Nome Nooutputconnested O Nome Nooutputconnested O Nome Nooutputconnested ooo Configuration 127 How to configure SLSn with ramp monitoring To configure the SLSn n 1 4 with ramp monitoring set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SLS function see page 55 Example The figure below and the Example value column in the table show an example of an SLS2 with ramp monitoring set up e SLS2 ramp monitored redundant activation button connected to input Single output connected positive limits target 1200 0 rpm trip limit 1320 0 rpm negative limits target 900 0 rpm trip limit 1020 0 rpm e automatic acknowledgement SLS2 SLS acknowledgement SLS activation monitoring method Ramp SLS2 input SLS2 output DI X113 3 amp X114 3
103. safety application or the safety system configuration you must perform the acceptance tests to verify that the safety functionality is maintained See chapter Verification and validation on page 133 Proof tests If periodic proof testing is necessary based on the safety calculations you must include proof tests in the maintenance plan and perform them periodically See also section Proof test intervals during operation on page 141 Decommissioning When decommissioning the FSO 11 make sure that the safety of the machine is maintained until the decommissioning is complete Mark clearly on the FSO 11 module that it is decommissioned Technical data 151 Technical data Contents of this chapter This chapter contains the technical specifications of the FSO 11 Electrical data Supply voltage 24 3VDC Current consumption Maximum 1000 mA 4 redundant or 8 single or combinations of redundant and single 24 V DC NPN 3 redundant or 6 single or combinations of redundant and single 24 V DC PNP 00594987 xls B Control connection data Logic levels 0 lt 5 V 1 gt 15 V Digital input impedance input impedance Digital input impedance 4 ET OOOO Digital output drive MEM S S mA each 700 mA total capability Max allowed cable length 250 m 820 ft between the drive and the activation switch 00594987 xls B 152 Technical data Terminal and lead through data for the control cables
104. safety function is also internally connected to the corresponding digital output of the module digital input gt digital output This resembles a master follower connection See section Cascade on page 38 None Notcascaded o X113 1 amp X114 1 gt Redundant cascade X113 1 amp X114 1 gt X113 7 amp 1 X113 7 amp X114 7 X114 7 X113 2 8 X114 2 gt Redundant cascade X113 2 amp X114 2 gt X113 8 amp 2 X113 8 amp X114 8 X114 8 X113 3 8 X114 3 gt Redundant cascade X113 3 8 X114 3 gt X113 9 3 X113 9 amp X114 9 X114 9 X113 1 gt X113 7 Single cascade X113 1 gt X113 7 X113 2 gt X113 8 Single cascade X113 2 gt X113 8 X113 3 gt X113 9 Single cascade X113 3 gt X113 9 B X114 1 X114 7 X114 2 gt X114 8 X114 3 gt X114 9 189 Cascade B None X113 1 amp X114 1 gt X113 7 amp X114 7 X113 2 amp X114 2 gt X113 8 amp X114 8 X113 3 amp X114 3 gt X113 9 amp X114 9 Single cascade X114 1 X114 7 Single cascade X114 2 X114 8 B Single cascade X114 3 gt X114 9 9 For each FSO module in cascade B the digital input connected to the safety function is also internally connected to the corresponding digital output of the module digital input gt digital output See section Cascade on page 38 Not cascaded Redundant cascade X113 1 8 X114 1 gt X113 7 amp X114 7 Redundant cascade X113 2 amp X114 2 gt X113 8 amp X114 8
105. se ek RO d ee RR 9 d CHR AT e c n d A 130 10 Start up Contents of this chapter o o oooooooornn ras 131 Safety consideralos 4x aids c9 duc HORE dels OR dde Ode MC Ind qe UR SOIRS c EL d ti elt 131 4 wee tie Sas aprons pee Soe G nel oe eee eas ee E Heese apa eins Seema eee 131 8 Table of contents 11 Verification and validation Contents of this chapter seven oon dar ee dada dca dca iia 133 Verifying the achieved SIL PL level 0 0 ccc s 133 Validation PrOCeQUI os ina te odie aed dG ide Bendis Bod wa e wallow gots ee SE Ree es 133 Validation checklist for start up 2 1 0 eens 134 AUTNCNZEC perO neones pao RACE A EUR DEPRECOR d 140 Acceptance test reports sudes rna que Ex Rea a wads 140 Proof test intervals during operation o o ooocooocoooo eee 141 asscoelzMic ERE C rrI 141 12 Fault tracing Contents of this chapter escasear REEL RS UEDEC RECEN SR e EP EE ESAE 143 ci AA ee ee a ee ee 143 FSO 11 related faults warnings and events 0 0 00 ccc eee eens 144 Pdl Zeb v E mO 144 Faults and delayed faults eee eee tenes 144 MAMI Ses en hc cep hg eo Sen ee cecal ae Qe Ur Gh cg A ded Gy iubebo ah do oe thd o OP e rub dA 145 SN Sage ceseteteaeee eee SUPPE dd eee ete bare ket aes eee 146 13 Maintenance Contents or this chapter iue seconde ERR ER OEG ONU da ER REX Sen RR XR EE ERE RR 147 FS
106. sed the STO is completed and the acknowledgement is possible as soon as the STO request has been removed After the acknowledgement manual or automatic the STO is deactivated Note Logic states of the STO state indication and STO completed indication signals outputs are configurable Note STO activation also activates the SSE state indication signal output if the SSE is cascaded See Safe stop emergency SSE on page 50 and Cascade on page 38 Implemented safety functions 41 For configuration see section How to configure STO on page 103 in chapter Configuration 42 Implemented safety functions Safe brake control SBC The SBC provides a safe output for controlling external mechanical brakes If the SBC is used it is always combined with the STO except in drive proof testing The SBC can be configured to be activated before at the same time with or after the STO The SBC and STO combination can also be configured to be activated below a certain speed level while ramping down to the zero speed see SS7 with speed limit activated SBC on page 49 and SSE with speed limit activated SBC on page 54 In that case the SBC is activated at the configured speed level SBC after STO The operation of the SBC after the STO is described in the time diagram and table below B STO time to zero speed Motor speed A SBC delay 200 6 E LN STO request Inactive Active STO s
107. speed This applies to both time and ramp monitoring Motor speed Inactive pas SLS state SLS state indication E eea SLS upper trip limit SLS request removal allowed shaded area The SLS request can be removed after a minimum down time It must be removed before the acknowledgement is accepted W SLS is requested the speed is below the SLS upper trip limit and so the monitoring is started SLS request is removed but the monitoring is still on if manual acknowledgement is configured If automatic acknowledgement is configured the monitoring is also ended SLS is acknowledged manually and the monitoring is ended Note Logic state of the SLS state indication signal output is configurable For configuration see section Configuring SLS on page 124 in chapter Configuration 56 Implemented safety functions SLS with speed above monitored speed This applies to time monitoring Motor speed C SLS time delay i DAAA 5 6 T Y B 1 SLS request Inactive Active SLS state ID Description OOOO SLS upper trip limit SLS request removal allowed shaded area The SLS request can be removed after a minimum down time It must be removed before the acknowledgement is accepted SLS time delay Delay for forcing to start SLS monitoring when time monitoring is in use D Safety function response time UE SLS is requested but the speed is above the SLS upper tr
108. state Button release allowed Normal acknowledgement The acknowledgement is recognized when the button is released after pressing it the system must detect both falling and rising edge changes for successful acknowledgement triggering The pressing time of the button must be between 0 3 s 3 0 s Too long interruptions signal low longer than 3 s on the signal are ignored and a warning message is generated to the drive If there is something to acknowledge it is ignored and the user must press the acknowledgement button again If there is nothing to acknowledge nothing happens and no errors are generated Implemented safety functions 35 Ramp monitoring The ramp monitoring is configured with four parameters as described below Motor speed Description Ramp minimum time from the scaling speed to the zero speed B A Specified for each SARn ramp n 0 1 separately For example for SARO parameter 104 SARO min ramp time to zero Target time for the ramp down from the scaling speed to the zero speed Specified for each SARn ramp n 0 1 separately For example for SARO parameter 103 SARO ramp time to zero Ramp maximum time from the scaling speed to the zero speed B C Specified for each SARn ramp n 0 1 separately For example for SARO parameter 105 SARO max ramp time to zero Initial allowed range for the SARn ramp This is the time when the monitoring of the ramp maximum time is started a
109. status fault LED is lit red This requires the FSO 11 power down cycle to take the new parameters into use before entering the Operational state If there is an internal fault the FSO 11 enters the Fault state The FSO 11 exits the Fault state either by a request from the Drive composer pro PC tool into the Configuration state or by removing the power from the FSO 11 into the Power down state In the latter case the FSO 11 starts again normally from the Start up state after restoring power When the FSO 11 is in the Power down Start up Configuration Safe or Fault state the STO is always active When the FSO 11 is in the Operational state the STO is inactive Cascade It is possible to cascade up to six FSO 11 s into a daisy chain type network resembles somewhat an I O master follower system If an FSO 11 triggers a cascaded function it passes the triggering information to the next FSO 11 which triggers the next one and so on until the last FSO 11 again triggers the first one Acknowledgement Automatic acknowledgement Emergency stop FSO 11 FSO 11 Master Follower Follower Safety Safety Safety function 1 function 1 function 1 Safety Safety Safety function 2 function 2 function 2 Implemented safety functions 39 Cascade l O connections must be set to use diagnostic pulsing One of the cascaded FSO 11 s must be configured as a master and the others as followers All of the cascaded FSO 11 s must be s
110. stem of the FSO 11 is only included in those safety functions that measure the speed of a motor For example the Prevention of unexpected start up or the SSE with stop category 0 drive coasts to a stop do not use the speed measurement subsystem After calculating the total PFD PFH for the safety function it must be verified that the PFD PFH of the safety function fulfills the requirement for the targeted SIL PL 156 Technical data Basic safety data The FSO 11 data related to safety standards IEC 61508 EN 61800 5 2 EN ISO 13849 1 and EN 62061 are listed below for the different subsystems Calculations are based on existing hardware redundant function activation STO and redundant indication all in pulsed mode EN 61508 EN ISO 13849 1 3AXD10000006135 doc C 1 channel 2 channel 1 channel 2 channel Logic DI pulses DI pulses DI no DI no 1 channel pulses pulses DI or DO no Pipes wr fo 9 3 9 1 ea 2 3 3 3 3 3 3AXD10000006135 doc C Note 1 A logic subsystem is included in each safety function implemented with the FSO 11 If the safety function contains any 1 channel digital input or output of the FSO 11 with non pulsed signals the subsystem Logic 1 channel DI or DO no pulses must be used Otherwise the subsystem Logic other cases is used 1 channel 2 channel 1 channel 2 channel STO Speed DO pulses DO pulses DO no DO no output measure pulses pulses ment PFH
111. step 2 a Download the FSO 11 parameters from the Drive composer pro PC tool to the FSO 11 according to chapter Configuration on page 73 b Restore the backup to the drive See the drive Firmware manual 3 Perform the start up procedure according to chapter Start up on page 131 Perform the validation procedure for each safety function according to chapter Verification and validation on page 133 Maintenance 149 Note The STO is the basic safety function and it has to be validated first The acceptance tests for the STO function of the drive are described in chapter Planning the electrical installation in the drive Hardware manual 5 Update the HW and SW versions of the new drive to the logbook of the driven machine Drive firmware update If you have to update the firmware of the drive where the FSO 11 is installed follow the procedure below Updating the firmware of the drive where the FSO 11 is installed 1 Stop the driven machinery and prevent an unexpected start up 2 Doone of the following a Upload the FSO 11 parameters from the FSO 11 to the Drive composer pro PC tool b Make a backup of the drive See the drive Firmware manual 3 Update the firmware of the drive 4 Doone of the following the same letter as in step 2 a Download the FSO 11 parameters from the Drive composer pro PC tool to the FSO 11 according to chapter Configuration on page 73 b Restore the backup to the drive See the driv
112. stop the motor b Connect your PC to the drive start the tool and select Safety settings c Open the parameters for setting in one of these two ways First start Upload the parameters from the FSO 11 to the tool button Upload from FSO Password is required e Existing configuration Open the configuration file button Open safety file Configuration 75 d Set the safety function parameters General parameters Start from the general parameters Check at least that the motor parameters are correct e I O Check that the I O parameters are set according to the installation wiring plan Remove diagnostic pulsing from any unused I O Check possible safety relays and cascade connections Note If there are only passive devices for example switches connected do not make any changes to the diagnostic pulsing However if there is an active device for example a PLC or light curtain check if it can use the same diagnostic pulsing as the FSO 11 if not tune the FSO 11 diagnostic pulsing e Safety functions You must at least configure the STO regardless of what you use the FSO 11 for or which safety functions you are using The STO is essential for the FSO 11 to be able to make the system safe all other functions are just for monitoring the drive e After configuring all functions do these two steps e Save the configuration to your PC button Save safety file e Download the configuration to the FSO 11 button Downl
113. t X113 2 on or off On pulse on off Diagnostic pulse on 194 DI X113 3 diag Diagnostic pulse of digital input X113 3 on or off On pulse on off 195 DI X113 4 diag Diagnostic pulse of digital input X113 4 on or off On pulse on off Diagnostic pulse on 196 DI X114 1 diag Diagnostic pulse of digital input X114 1 on or off On pulse on off 197 DI X114 2 diag Diagnostic pulse of digital input X114 2 on or off On pulse on off 198 DI X114 3 diag Diagnostic pulse of digital input X114 3 on or off On pulse on off on Biagnostio pulse on 199 DI X114 4 diag Diagnostic pulse of digital input X114 4 on or off On pulse on off Outputs Set the logic state for each digital output Set the length and period of the diagnostic pulse for the digital outputs Select for each output whether the diagnostic pulse is on or off No Name Value Description Example value 200 Safety Safety parameters MA 182 DO X113 7 logic Logic state of digital output X113 7 state Configuration 101 No Name Value Description Example value Active state of the output is low voltage 0 183 DO X113 8 logic Logic state of digital output X113 8 state Active state of the output is low voltage oC 4 184 DO X113 9 logic Logic state of digital output X113 9 state Active state of the output is low voltage 185 DO X114 7 logic Logic state of digital output X114 7 state Active state of the output is low voltage Oo 186 DO X114 8
114. t diagnosed Failure of a mechanical actuator for example a brake could lead up to an undetected fault and a possible loss of the load control Safety separation The FSO 11 and the drive Safe torque off STO channel function are safety relevant and the rest of the drive is considered as not safety relevant for example the drive regular I O cannot be used for requesting safety functions on the FSO 11 WARNING The Safe torque off function does not disconnect the voltage of the main and auxiliary circuits from the drive Therefore maintenance work on electrical parts of the drive or the motor can only be carried out after isolating the drive system from the main supply from the rotating permanent magnet motors and from the rotating motors equipped with sinus filters asserting the STO is not sufficient Note The Safe torque off function can be used for stopping the drive in the operational mode If a running drive is stopped by using the STO function the drive will stop by coasting 26 Safety information and considerations Overview 27 Overview Contents of this chapter This chapter briefly describes the FSO 11 with safety system components as well as the FSO 11 layout connections type designation label and operational characteristics 28 Overview System description FSO 11 and safety system components Example figure of an FSO 11 safety functions module ACS880 drive safety PLC switches and buttons
115. t this does not cause unacceptable risk Encoderless mode Note The FSO 11 uses drive output frequency measurement to estimate the motor speed instead of measuring the motor speed with an encoder This has to be taken into consideration when designing safety functions that is whether this type of speed estimation is suitable for the application Note Observe restrictions for use At least normal Identification run preferably full Identification run must be performed In the encoderless mode e the motor must decelerate when the power is switched off for example in a crane application the hanging load would potentially cause an accelerating motion thus the encoderless mode and thereby the FSO 11 cannot be used for these types of applications the drive cannot be used in generator mode torque limit operation where an external force is rotating the motor faster than the drive controls the motor the system must be designed so that it has no physical capability of accelerating decelerating from an acceptable speed to a dangerous speed within the response time of the FSO 11 see section Safety data on page 155 depending on the load the frequency estimation of an encoderless drive may not be equal to the actual induction motor speed WARNING Do not use encoderless mode in applications when the external load of the application may rotate the motor driven shaft in spite of the drive frequency In this case an encoder
116. tate STO state indication Inactive AM SBC control e potivs PRE control l STO completed i L indication A SBC delay Time from the STO activation to the moment when the mechanical brake is active on Configurable coasts to a stop from the maximum speed C STOrequest removal allowed shaded area The STO request can be removed after a minimum down time It must be removed before the acknowledgement is accepted STO activated after the STO request has been received for example from the I O SBC is activated Acknowledgement is not allowed before the motor is presumably stopped Time to zero speed Time from the STO activation to the moment when the acknowledgment becomes allowed Configured to the estimated time in which the motor Implemented safety functions 43 ID Description 4 After the time to zero speed B has elapsed the STO is completed and the acknowledgement is possible as soon as the STO request has been removed 5 After the acknowledgement manual or automatic the STO and SBC are deactivated and the control is given back to the drive which controls the brake from now on Note Logic states of the STO state indication and STO completed indication signals outputs are configurable Note STO activation also activates the SSE state indication signal output if the SSE is cascaded See Safe stop emergency SSE on page 50 and Cascade on page 38 It is possible to set the SBC
117. ten sr A master B This module is the master on cascade connection A 1 fe a otoer once comecton Sn A follower B This module is a follower on cascade connection A 2 taser E andie master on cascade comento A master B This module is the master on cascade connection A 3 mado E nine menteroncascace comen o state Active state of the output is low voltage U 2 Active high Active state of the output is high voltage 183 DO X113 8 logic Logic state of digital output X113 8 state Active state of the output is low voltage 0 Active high Active state of the output is high voltage 184 DO X113 9 logic Logic state of digital output X113 9 state Active state of the output is low voltage 0 Active high Active state of the output is high voltage No Name Value Configuration 89 Description Default sel value 185 DO X114 7 logic Logic state of digital output X114 7 state Active state of the output is low voltage 9 Active high Active state of the output is high voltage 186 DO X114 8 logic Logic state of digital output X114 8 state Active state of the output is low voltage g Active high Active state of the output is high voltage 187 DO X114 9 logic Logic state of digital output X114 9 state Active state of the output is low voltage EE Active high Active state of the output is high voltage 188 Cascade A For each FSO module in cascade A the digital input connected to the
118. that the SBC feedback input is activated after the activation of the SBC output Set an acknowledgement for example with the control panel restart the drive and check that the brake will open and the motor runs normally 136 Verification and validation Validation of the SSE and SS1 functions with time monitoring Follow the steps below to validate the SSE and SS1 functions with time monitoring each function separately 1 Check the SSE SS1 input connections from the field equipment to the FSO 11 against the circuit diagrams Ensure that parameter SSE monitoring method is set to Time parameter SS1 monitoring method is set to Time See section How to configure SSE with time monitoring on page 117 How to configure SS1 with time monitoring on page 109 Check that parameter SSE delay for STO SS1 delay for STO is set properly Start the drive and check that the motor can run at the maximum speed Activate the SSE or SS1 circuit for example disconnect the signal from the field device to the FSO 11 input Check that the speed ramps down properly and the time monitoring is set correctly If the SBC is in use check that the SBC is activated below the speed defined by parameter SSE SS1 SBC speed SSE SS1 SBC speed Check that the STO is activated Set an acknowledgement for example with the control panel restart the drive and check that the motor runs normally If the motor can rotate in the reverse direction r
119. that the brake is activated before STO ms activation Note Mechanical brake delays must be included in here 1000 Time 3 600 000 ms 15 SSE SS1 SBC Absolute speed below which the brake is activated speed while ramping If the value is 0 0 rpm this feature is not in use 00 10000rem See A 16 SBC output Digital output connected to the SBC output brake relays None No output connected o DO X113 7 amp X114 7 Redundant output X113 7 amp X114 7 8 Configuration No Name Value Description Default sel value DO X113 8 amp X114 8 Redundant output X113 8 amp X114 8 DO X113 9 amp X114 9 Redundant output X113 9 amp X114 9 17 SBC feedback type Where the SBC gets the feedback from Safety relay feedback Safety relay Feedback is connected to a safety relay inverted feedback state compared with the outputs Mechanical brake Feedback is connected to a mechanical brake same 1 feedback state as the outputs but delayed 18 SBC feedback Action taken when there is a problem on the SBC STO action feedback sto STO activated o 19 STO STO acknowledgement method Manual acknowledgement Manual Manual acknowledgement after the removal of requests Automatic Automatic acknowledgement after the removal of 1 requests 7 21 STO completed Digital output indicating completion of the STO Active None output when the time defined by parameter 9 Restart delay after STO has elapsed after the STO request
120. tional test procedure for each configurated safety function 1 Have the system at the Operational state when the safety function is requested 2 Initiate an implemented safety function by requesting it with the designated trigger device 3 Verify that the desired functionality takes place 4 Ensure that the acknowledgement has been configurated as suitable for the application for example manual automatic acknowledgement 5 Document the test results to the acceptance test report 6 Sign and file the acceptance test report Verification and validation 135 Validation of the SBC function Follow the steps below to validate the SBC function with time controlled brake 1 Ensure that parameter STO SBC usage is set to Delayed brake and parameter STO SBC delay is set correctly see section How to configure SBC after STO on page 105 and How to configure SBC before STO on page 107 Set parameter SBC feedback action in case of a problem on the SBC feedback STO or nothing Ensure that the drive can be run and stopped freely Start the drive to the maximum motor speed allowed for the application Activate the STO function for example disconnect the signal from the field device to the FSO 11 input Check that the SBC is activated after the motor has stopped when a positive STO SBC delay is used In case of a negative STO SBC delay ensure that the SBC is activated first and the STO after the delay has elapsed Check
121. ts subsystems can be restored to an as new condition or as close as practical to this condition Measure intended to achieve risk reduction Reasonably foreseeable Use of a machine in a way not intended by the designer but which misuse may result from readily predictable human behavior Reset Factory reset Clears the configuration and sets the parameters to their factory default values Residual risk Risk remaining after protective measures have been taken Response time of The internal response time of the FSO 11 that is the time in which FSO 11 the STO control output of the FSO 11 reacts after receiving a request Usually this is not the same as the time from the request to the safe state of the machine application See also term Safety function response time on page 17 Risk Combination of the probability of occurrence of harm and the severity of that harm Safe state STO activated STO relay opened Safety function Response time of the combination of the drive and FSO 11 See response time also term Response time of FSO 11 on page 17 18 Introduction to the manual Definition Safety related control Control function implemented by a SRECS with a specified integrity function SRCF level that is intended to maintain the safe condition of the machine or prevent an immediate increase of the risk s Safety related electrical Electrical control system of a machine whose failure can result in an control system SRECS imm
122. ue None Nobrake 15 SSE SS1 SBC Absolute speed below which the brake is activated while mw 0 rpm speed ramping If the value is 0 0 rpm this feature is not in use 19 STO STO acknowledgement method nal ae Automatic Automatic acknowledgement after the removal of requests 20 STO output Digital output indicating activity of the STO None No output connected o 21 STO completed Digital output indicating completion of the STO Active when the time defined by parameter 9 Restart delay after STO has elapsed after the STO request Configuration 105 Configuring SBC How to configure SBC after STO To configure the SBC after the STO set the FSO 11 parameters listed in the table below to appropriate values using the Drive composer pro PC tool For more information on the SBC after the STO see page 42 Example The figure below and the Example value column in the table show an example of a set up of the SBC after the STO STO with brake e redundant emergency button connected to input e automatic acknowledgement e restart delay after STO 1000 ms delayed brake with 900 ms delay brake connected to redundant output e STO is activated if brake feedback fails Note Maximum response time of the FSO 11 and drive combination is 100 ms STO acknowledgement Restart delay after STO STO STO TO input A TO output DI X113 1 amp X114 1 PA i None STO input B STO completed None output
123. undant connection is used TP2 Test pulse 1 TP1 Test pulse 2 DI1 Digital input 1 fl DI2 Digital input 2 vA ov y Failure can be detected X Failure cannot be detected except upon input activation when redundancy is used Outputs Failures that short circuit the signal to the voltage supply or the ground potential are detected Failures that open circuit the actuator are not detected Safety function acknowledgement modes Safety functions have two acknowledgement modes for entering the Operational state during the first start up or after a safety function request is removed Monitored In the monitored manual restart recommended the user must first acknowledge the FSO 11 state to allow the drive to restart Automatic In the automatic restart the FSO 11 grants the drive permission to restart after a safety function request is removed or the start up is complete If the drive is in the automatic start mode it starts automatically which may cause danger The acknowledgement mode can be selected separately for the start up STO SSE and SS1 always end in STO and SLS Note STO SSE and SS1 cannot be acknowledged before the motor is stopped Note The FSO 11 is not designed to protect a machine against intentional misuse 24 Safety information and considerations WARNING If the FSO 11 is used in the automatic mode make sure that the L system is designed so tha
124. ypical configurations 0 0 00 cc eee 157 ESOS tec r 158 Response TIMES ejer panes ad e ee ia ara 158 Table of contents 9 15 Dimension drawings POON CP 160 Further information Product and service inquiries ee ee ee ee eee 161 ool eir Rino PEO Aa wont a ahd Aare ROE EE acta aerate ahd eek 161 Providing feedback on ABB Drives manuals 0 000 ccc ee eee ne 161 Document library on the Internet 0 0 0 ccc eee Inn 161 10 Table of contents Safety 11 Safety Contents of this chapter This chapter explains the usage of warnings in this manual Use of warnings Warnings caution you about conditions which can result in serious injury or death and or damage to the equipment and advise on how to avoid the danger The following warning symbols are used in this manual Electricity warning warns of hazards from electricity which can cause physical injury and or damage to the equipment General warning warns about conditions other than those caused by L electricity which can result in physical injury and or damage to the equipment 12 Safety Introduction to the manual 13 Introduction to the manual Contents of this chapter This chapter states exclusion of liability and describes the applicability compatible products supported safety functions target audience and purpose of the manual The chapter also lists contents o
Download Pdf Manuals
Related Search