Functional description

The safety-related SF_GuardMonitoring function block monitors a guard (e.g., door) with two-stage interlocking according to EN 1088. The function block executes stop category 0 at its output.

S_StartReset and S_AutoReset can be used to specify a start-up inhibit and a restart inhibit.

Opening and closing the safety equipment

If the safety equipment (door) connected to the function block is opened, the function block sets its S_GuardMonitoring output to SAFEFALSE. This defined safe state is maintained until the door is closed correctly and the restart inhibit (if active) is removed.

When the safety equipment is being closed, a SAFETRUE signal at inputs S_GuardSwitch1 and S_GuardSwitch2 reports that the closing operation has been performed correctly. The switching intervals of the position switches connected to inputs S_GuardSwitch1 and S_GuardSwitch2 are only monitored during the closing operation using the time set at DiscrepancyTime.

NOTE:

If only one signal reports the status of the door (one position switch only), this must be connected in parallel to both inputs S_GuardSwitch1 and S_GuardSwitch2. In this case, a time of 0 seconds must be set at DiscrepancyTime.

Start-up inhibit (S_StartReset)

S_StartReset is used to specify the start-up inhibit after activating the function block and/or starting the Safety Logic Controller.

S_StartReset = SAFEFALSE	After the Safety Logic Controller has been started up and/or the function block has been activated at the Activate input, the start-up inhibit is active. The start-up inhibit is only removed if there is a positive signal edge at the Reset input. Refer to the hazard message below this table.
S_StartReset = SAFETRUE	After the Safety Logic Controller has been started up and/or the function block has been activated at the Activate input, no start-up inhibit is active. Refer to the section "Attention when using ...".

Removing the start-up inhibit by means of a positive signal edge at the Reset input can cause the S_GuardMonitoring output to switch to SAFETRUE immediately (depending on the status of the other inputs).

WARNING
	UNINTENDED START-UP Verify the impact of removing the start-up inhibit by means of a positive signal edge at the Reset input. Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the start-up inhibit. Do not enter the zone of operation when removing the start-up inhibit. Ensure that no other persons can access the zone of operation when removing the start-up inhibit. Use appropriate safety interlocks where personnel and/or equipment hazards exist. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

UNINTENDED START-UP

Verify the impact of removing the start-up inhibit by means of a positive signal edge at the Reset input.
Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the start-up inhibit.
Do not enter the zone of operation when removing the start-up inhibit.
Ensure that no other persons can access the zone of operation when removing the start-up inhibit.
Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Restart inhibit (S_AutoReset)

S_AutoReset is used to specify the restart inhibit after closing the safety equipment.

S_AutoReset = SAFEFALSE	The restart inhibit is active after the safety equipment has been closed. The restart inhibit is only removed if there is a positive signal edge at the Reset input. Refer to the hazard message below this table.
S_AutoReset = SAFETRUE	The restart inhibit is not specified. As soon as the door is closed and SAFETRUE is present again at inputs S_GuardSwitch1 and S_GuardSwitch2 within the time set at DiscrepancyTime, the S_GuardMonitoring output automatically switches to SAFETRUE. Refer to the section "Attention when using ...".

After the restart inhibit has been removed, the status at the S_GuardMonitoring output can switch from SAFEFALSE to SAFETRUE.

WARNING
	UNINTENDED START-UP Verify the impact of removing the restart inhibit by means of a positive signal edge at the Reset input. Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the restart inhibit. Do not enter the zone of operation when removing the restart inhibit. Ensure that no other persons can access the zone of operation when removing the restart inhibit. Use appropriate safety interlocks where personnel and/or equipment hazards exist. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

UNINTENDED START-UP

Verify the impact of removing the restart inhibit by means of a positive signal edge at the Reset input.
Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the restart inhibit.
Do not enter the zone of operation when removing the restart inhibit.
Ensure that no other persons can access the zone of operation when removing the restart inhibit.
Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Attention when using S_AutoReset = SAFETRUE and/or S_StartReset = SAFETRUE

The start-up inhibit and/or restart inhibit must only be deactivated if it is certain that starting up/restarting the machine/system will not lead to a hazardous situation or that a suitable start-up/restart inhibit is in place at another location or using other means.

WARNING
	NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation. Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit. Verify that a suitable start-up inhibit is in place at another location or using other means. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS

Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation.
Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit.
Verify that a suitable start-up inhibit is in place at another location or using other means.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Interlocking and guard locking according to EN 1088

The function block fully supports two-stage interlocking in accordance with EN 1088.

NOTE:

The safety-related SF_GuardMonitoring function block does not support the monitoring of a guard with guard locking.

For this reason, the overtravel and access times of the machines and system parts to be secured must be taken into account during the risk assessment process. If the overtravel time of the machine or system in the zone of operation is greater than the possible access time (the period within which a person can reach the zone of operation), interlocking devices with guard locking must be used. In such cases, the safety-related SF_GuardLocking function block is to be used.

WARNING
	UNINTENDED EQUIPMENT OPERATION Perform an in-depth risk assessment that includes all items in the safety path, including access times to zones of operation, to determine the appropriate safety-related equipment for your specific application, based on all the applicable standards. Failure to follow these instructions can result in death, serious injury, or equipment damage.

Safety equipment with two position switches

If two single-channel position switches are used in the safety equipment, their signals must be connected individually to the Safety Logic Controller. Connect one of the signals to input S_GuardSwitch1 of the function block and the other to the second input S_GuardSwitch2.

If two two-channel position switches are used in the safety equipment, the four signals must be connected individually to the Safety Logic Controller.

The two-channel evaluation of the signals for each position switch must be performed outside of the safety-related SF_GuardMonitoring function block, either through respective parameterization of the input channels of the safety-related input device or by using the safety-related SF_Equivalent or SF_Antivalent function block upstream. This evaluation should result in one signal for each of the position switches. Connect one of the signals to input S_GuardSwitch1 of the function block and the other to the second input S_GuardSwitch2.

NOTE:

Cross-circuit monitoring is not performed by the function block. It is your responsibility to perform this monitoring function outside of this function block in the safety-related control system.

Safety equipment with one position switch

If one single-channel position switch is used in the safety equipment, you must connect its signal to both inputs S_GuardSwitch1 and S_GuardSwitch2 of the function block.

If one two-channel position switch is used in the safety equipment, its signals must be connected individually to the Safety Logic Controller.

The two-channel evaluation of the signals for each position switch must be performed outside of the safety-related SF_GuardMonitoring function block, either through respective parameterization of the input channels of the safety-related input device or by using the safety-related SF_Equivalent or SF_Antivalent function block upstream. This evaluation should produce one signal for the position switch.

NOTE:

If only one signal reports the status of the door (one position switch only), this must be connected in parallel to both inputs S_GuardSwitch1 and S_GuardSwitch2. In this case, a time of 0 seconds must be set at DiscrepancyTime.

NOTE:

The following applies to both scenarios (one and two position switches):

The S_GuardMonitoring output of the function block is only switched to SAFETRUE if both inputs S_GuardSwitch1 and S_GuardSwitch2 are showing the SAFETRUE state and the rest of the signal combination is valid for such a scenario.

Number and design of supported position switches

The function block supports safety equipment with one or two mechanical or non-mechanical position switches.

Depending on the safety category (EN ISO 13849-1) or SIL (IEC 61508), single-channel or two-channel position switches with an equivalent or antivalent switch contact arrangement are required.

Monitoring of two-channel operation (cross-circuit detection) and the equivalence or antivalence of the signals must be performed outside of the SF_GuardMonitoring function block, either through respective parameterization of the input channels of the safety-related input device or by using the safety-related SF_Equivalent or SF_Antivalent function block upstream.

SF_GuardMonitoring processes one signal per position switch which, for two-channel position switches, results from the evaluation of two-channel functionality, either through respective parameterization of the input channels of the safety-related input device or by using the safety-related SF_Equivalent or SF_Antivalent function block upstream.

The position switches you are using must comply with the requirements of the EN 1088 standard.