SF_GuardLocking

 

 

The following description is valid for the function block SF_GuardLock­ing_V1_0z, Version 1.0z (where z = 0 to 9).

Short description

The safety-related SF_GuardLocking function block supports the monitoring of a guard with guard locking (door monitoring with a four-stage interlocking according to the EN 1088 standard).

S_StartReset can be used to specify a start-up inhibit and S_AutoReset can be used to specify a restart inhibit.

PROG_GuardLocking_icon_editor.png

NOTE:

All the safety-related switches used in your application must meet the requirements of the EN 1088 standard.

Function block inputs

Click the corresponding hyperlinks to obtain detailed information on the items below.

Name

Short description

Value

Activate

State-controlled  input for activating the function block.

Data type: BOOL

Initial value: FALSE

  • FALSE: Function block inactive

  • TRUE: Function block activated

S_GuardMonitoring

State-controlled  input for signaling open or closed safety equipment (e.g., by means of a position switch on the door).

Data type: SAFEBOOL

Initial value: SAFEFALSE

  • SAFEFALSE: Safety equipment is open

  • SAFETRUE: Safety equipment is closed

S_SafetyActive

State-controlled  input for the status of the zone of operation.

This input indicates whether the zone of oper­ation is in the defined safe state. (Monitoring using standstill monitor, for example).

Data type: SAFEBOOL

Initial value: SAFEFALSE

  • SAFEFALSE: The zone of operation signals the non-safe state

  • SAFETRUE: The zone of operation signals the defined safe state

S_GuardLock

State-controlled  input for the status of the guard locking on the safety equipment. This input processes the feedback signal for locking/unlocking the safety equipment (single-channel or two-channel).

Data type: SAFEBOOL

Initial value: SAFEFALSE

  • SAFEFALSE: The door is not locked. The safety equip­ment can be opened.

  • SAFETRUE: The door is locked

UnlockRequest

State-controlled and edge-triggered  input for the request signal to unlock the door (or the guard locking).

Data type: BOOL

Initial value: FALSE

  • FALSE: No request to unlock the door

  • Edge FALSE > TRUE: Request to unlock the door

  • TRUE: The TRUE signal must be main­tained for as long as the guard locking is unlocked via S_Un­lockGuard (e.g., opening the safety equipment)

S_StartReset

State-controlled  input for specifying the start-up inhibit after the Safety Logic Controller has been started up or the function block has been activated.

Data type: SAFEBOOL

Initial value: SAFEFALSE

An active start-up inhibit must be removed manually by means of a positive signal edge at the Reset input. A deactivated start-up inhibit causes the S_GuardLocked output to switch to SAFETRUE automatically when the function block is activated and the safety-related function is not requested.

Refer to the first hazard message below this table.

  • SAFEFALSE: With start-up inhibit

  • SAFETRUE: Without start-up inhibit

S_AutoReset

State-controlled  input for specifying the restart inhibit after the safety equipment has been closed (S_GuardMonitoring = SAFETRUE) and locked (S_GuardLock = SAFETRUE).

Data type: SAFEBOOL

Initial value: SAFEFALSE

An active restart inhibit must be removed manually by means of a positive signal edge at the Reset input. A deactivated restart inhibit causes the S_GuardLocked output to switch to SAFETRUE automatically when the function block is activated and the safety-related function is no longer requested.

Refer to the first hazard message below this table.

  • SAFEFALSE: With restart inhibit

  • SAFETRUE: Without restart inhibit

Reset

Edge-triggered  input for the reset signal:

  • Resetting error messages when the cause of the error is no longer present.

  • Manual resetting of an active start-up/restart inhibit (specified by S_Star­tReset and/or S_Au­toReset).

Refer to the second hazard message below this table.

Data type: BOOL

Initial value: FALSE

NOTE:

Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a posi­tive (rising) edge.

  • FALSE: Reset is not requested

  • Edge FALSE > TRUE: Reset is requested

WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIRE­MENTS

  • Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation.

  • Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit.

  • Verify that a suitable start-up inhibit is in place at another location or using other means.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Resetting the function block by means of a positive signal edge at the Reset input can cause the S_GuardLocked output to switch to SAFETRUE immediately (depending on the status of the other inputs).

WARNING

UNINTENDED START-UP

  • Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input.

  • Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting.

  • Do not enter the zone of operation when resetting.

  • Ensure that no other persons can access the zone of operation when resetting.

  • Use appropriate safety interlocks where personnel and/or equip­ment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Function block outputs

Click the corresponding hyperlinks to obtain detailed information on the items below.

Name

Short description

Value

Ready

Output for signaling "Function block activated/not activated".

Data type: BOOL

  • FALSE: Function block is not activated (Activate = FALSE) and all outputs of the function block are switched to FALSE/SAFE­FALSE.

  • TRUE: Function block is activated (Activate = TRUE) and the output parameters repre­sent the state of the safety-related func­tion.

S_GuardLocked

Output for enable signal of the function block.

Data type: SAFEBOOL

  • SAFEFALSE:

    • Guard is open

    • or closed but not locked

    • or the function block is not activated

    • or the start-up/restart inhibit is active

    • or an error message is present.

  • SAFETRUE:

    • Guard is closed and locked

    • and function block is activated

    • and the start-up/restart inhibit is not active

    • and no error message is present.

S_UnlockGuard

Output of the unlock signal for the guard locking on the safety equipment (used for controlling the coil on the door switch with guard locking).

Data type: SAFEBOOL

  • SAFEFALSE: Request to lock the guard locking (safety equipment is guarded)

  • SAFETRUE: Request to unlock the guard locking (safety equipment is not guarded)

Error

Output for error message.

Data type: BOOL

  • FALSE: No error is present.

  • TRUE: The function block has detected an error. The S_GuardLocked and S_UnlockGuard outputs are switched to SAFEFALSE as a result.

DiagCode

Output for diagnostic message.

Data type: WORD

Diagnostic message of the function block.

The possible values are listed and described in the topic "Diagnostic codes".

Signal sequence diagram

The diagram below shows the signal sequence of a typical application, based on the following assumptions:

S_StartReset = SAFEFALSE: Start-up inhibit after the function block has been activated and the Safety Logic Controller has started up.

S_AutoReset = SAFEFALSE: Restart inhibit after the guard locking on the closed safety equipment has been locked (i.e., once the SAFETRUE signal has returned at the S_GuardLock input).

NOTE:

The signal sequence diagrams in this documentation possibly omit particular diagnostic codes. For example, a diagnostic code is possibly not shown if the related function block state is a temporary transition state and only active for one cycle of the Safety Logic Controller.

Only typical input signal combinations are illustrated. Other signal combinations are possible.

PROG_GuardLocking_Signal1.png

0

The function block is not yet activated (Activate = FALSE).

As a result, all outputs are FALSE or SAFEFALSE.

1

Function block activated by Activate = TRUE.

Even though the safety equipment is closed (S_GuardMonitoring = SAFETRUE) and locked (S_GuardLock = SAFETRUE) and the zone of operation signals the defined safe state (S_SafetyActive = SAFETRUE), the S_GuardLocked output  = SAFEFALSE, as a start-up inhibit (S_StartReset = SAFEFALSE) is specified.

2

A positive edge at the Reset input removes the start-up inhibit and the S_GuardLocked output switches to SAFETRUE.

The S_GuardLocked output remains SAFETRUE, although the S_SafetyActive input is SAFEFALSE for some time (zone of operation is temporarily no longer in the defined safe state).

3

The request to unlock the guard locking triggered by UnlockRequest = TRUE and the confirmation that the zone of operation is in the defined safe state again (S_SafetyActive = SAFETRUE) cause the S_GuardLocked output to switch to SAFEFALSE and the S_UnlockGuard output to SAFETRUE.

The S_UnlockGuard output remains SAFETRUE for as long as the unlock request is present at the UnlockRequest input.

4

The safety equipment is opened (S_GuardMonitoring and S_GuardLock both become SAFEFALSE) and closed again (S_GuardMonitoring becomes SAFETRUE again), but not locked after closing (S_GuardLock remains SAFEFALSE). Therefore, the S_GuardLocked output remains SAFEFALSE.

5

The S_UnlockGuard output switches to SAFEFALSE, as input UnlockRequest is now also FALSE. The safety equipment is not yet locked (S_GuardLock is still SAFEFALSE).

NOTE:

The other signal sequence diagram can be taken into account.

Application example: Single-channel connection of door switch and guard locking interlock

This example describes the connection of a single-channel guard with lockable guard locking to the safety-related SF_GuardLocking function block. A start-up inhibit and a restart inhibit are specified.

In this example, the arrangement of the switch meets the requirements of EN 1088, Appendix M.

The door switch and the contact for confirmation of locking have a single-channel connection to the inputs of the Safety Logic Controller. The coil for opening the interlock also has a single-channel connection to an output of the Safety Logic Controller.

The sensors/actuators are connected to the Safety Logic Controller and function block as follows:

S_StartReset and S_AutoReset are both switched to SAFEFALSE, in other words:

NOTE:

The "Machine stopped"' signal is connected to input S_SafetyActive of the SF_GuardLocking function block; this signal originates from a stand­still monitor, for example.

The enable output S_GuardLocked of the SF_GuardLocking function block is directly connected to a global I/O variable or to an output terminal of the application via further safety-related functions/function blocks.

Connect the S_GuardLocked enable output of the SF_GuardLocking function block to the S_OutControl input of the SF_EDM function block, for example, thus implementing a two-channel output connection.

PROG_GuardLock_ApplicationExample1.png

S1

Safety-related switch with guard locking, contains

   - Door switch (B1), single-channel

   - Lock monitoring of the guard locking (contact -K1) and

   - Coil (K1) for opening the interlock

(*1)

Guard locking of S1: open

(*2)

Guard locking of S1: closed

S2

Request to unlock the door

S3

Reset button for resetting errors and removing an active start-up inhibit/restart inhibit

S4

Button for stopping the machine.

S4i

Signal for stopping the machine.

noteOnImage.png 

See note above the illustration.

Detailed information

Additional information is available in the following sections:

EIO0000002269.01

© Copyright 2019, Schneider Electric