Implementation of safety requirements from applicable standards

The function block has been developed according to the safety requirements (from applicable standards) listed in this section. All other requirements from these standards must be observed when implementing the safety-related function.

This section describes either how the function block meets the requirements of the standards or what measures need to be taken to meet the requirements of the standards.

Standards

Context/Requirement

Implementation

EN 953

Control guard

  • The hazardous machine functions for which the guard offers protection cannot be performed unless the guard is closed.

  • Closing the guard initiates the hazardous machine functions.

If the state at either or both of the safety-related inputs of the safety-related function block (S_GuardSwitch1 or S_GuardSwitch2) is SAFEFALSE, the S_GuardMonitoring output will be switched to SAFEFALSE.

If the SAFETRUE value has been set for S_AutoReset and both safety-related inputs (S_GuardSwitch1 and S_GuardSwitch2) have been switched symmetrically from SAFEFALSE to SAFETRUE, the S_GuardMonitoring output becomes SAFETRUE if the safety-related function block is activated.

If the SAFETRUE value has been set for S_StartReset and the SAFETRUE state is present at both safety-related inputs (S_GuardSwitch1 and S_GuardSwitch2), the S_GuardMonitoring output becomes SAFETRUE after the function block has been activated.

You are responsible for planning and implementing all requirements for the use of control guards.

EN 1088

Interlocking guard

  • The hazardous machine functions 'covered' by the safety equipment cannot be performed until it is closed.

  • If the safety equipment is opened while the hazardous machine functions are operating, a stop instruction is given.

  • If the safety equipment is closed, the hazardous machine functions for which the guard offers protection can be performed, but closing the guard does not actually trigger this process.

If the state at either or both of function block inputs S_GuardSwitch1 and/or S_GuardSwitch2 is SAFEFALSE, the S_GuardMonitoring output will be switched to SAFEFALSE.

If S_AutoReset has been switched to SAFEFALSE and both inputs S_GuardSwitch1 and S_GuardSwitch2 have been switched symmetrically from SAFEFALSE to SAFETRUE, the S_GuardMonitoring output becomes SAFETRUE if the safety-related function block is activated and a signal change from FALSE to TRUE has occurred at the Reset input.

If S_StartReset has been switched to SAFEFALSE and the SAFETRUE state is present at both safety-related inputs (S_GuardSwitch1 and S_GuardSwitch2), the S_GuardMonitoring output becomes SAFETRUE after the function block has been activated if a signal change from FALSE to TRUE occurred at the Reset input.

EN ISO 13849-1

Manual reset device

The Reset input supports the function of the manual reset device.

NOTE:

Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a positive (rising) edge.

EN ISO 12100-2

Start-up after failure of supply voltage/spontaneous restart

The function block supports a start-up inhibit and/or restart inhibit of the function block after

  • start-up of the Safety Logic Controller or activation of the function block (S_StartReset = SAFEFALSE)

  • the safety equipment has been closed, in other words, the SAFETRUE signal has returned at S_GuardSwitch1 and S_GuardSwitch2 (S_AutoReset = SAFEFALSE).

You are responsible for planning and implementing the start-up/restart behavior according to your risk analysis. To prevent an unintended start-up/restart, you may need to perform an additional function start once the safety-related function has been reset. This will depend on both the results of the risk analysis and the signal path of the reset signal.

EN ISO 13849-1

Category B to 4

Single-channel or two-channel connection must be established depending on the category.

NOTE:

Cross-circuit monitoring is not performed by the function block. It is your responsibility to perform this monitoring function outside of this function block in the safety-related control system.

EN 1088

Positive opening operation of a contact element

The position switches you are using must satisfy the requirements of EN 1088. You are also responsible for the overall design and implementation of the safety equipment.

EN 1088

Two-stage interlocking

Interlocking device without guard locking

If the state at either or both inputs S_GuardSwitch1 and/or S_GuardSwitch2 is SAFEFALSE, the S_GuardMonitoring output will be switched to SAFEFALSE.

If both inputs S_GuardSwitch1 and S_GuardSwitch2 have been switched symmetrically from SAFEFALSE to SAFETRUE, the S_GuardMonitoring output switches to SAFETRUE if the function block is activated. Depending on the value set for S_StartReset, a signal change from FALSE to TRUE is additionally required at the Reset input.

If the state at both the safety-related inputs S_GuardSwitch1 and S_GuardSwitch2 is SAFETRUE, the S_GuardMonitoring output becomes SAFETRUE after the function block has been activated. Depending on the value set for S_StartReset, a signal change from FALSE to TRUE is also required at the Reset input.

EIO0000002269.01

© 2020

Schneider Electric.

All rights reserved.