Functional description

The safety-related SF_GuardLocking function block supports the monitoring of a guard with guard locking (door monitoring with a four-stage interlocking according to EN 1088).

To this end, the safety-related SF_GuardLocking function block evaluates the following signals:

  • Status of the safety equipment (open/closed, input S_GuardMonitoring)

  • Status of the guard locking on the safety equipment (guard locking active/not active, input S_GuardLock)

  • Operational status in the zone of operation (defined safe state/non-safe state, input S_SafetyActive)

  • Request signal for unlocking (input UnlockRequest)

  • Request for a

    • Start-up inhibit after the Safety Logic Controller has been started up or the function block has been activated (S_StartReset) and/or

    • Restart inhibit after the 'relocking' of the safety equipment (S_AutoReset).

The function block executes stop category 0 at its output.

Unlocking the guard locking on the safety equipment

The guard locking on the safety equipment should only be unlocked once the zone of operation is in the defined safe state, for example, by stopping a machine or system.

The safety-related SF_GuardLocking function block itself cannot be used to set the defined safe state of the zone of operation; this must be done separately from the function block. You should then connect the signal that indicates the defined safe state of the zone of operation to the S_SafetyActive input of the safety-related SF_GuardLocking function block.

Only when the zone of operation is in the defined safe state (S_SafetyActive = SAFETRUE) and a request is made to unlock the guard locking on the safety equipment (UnlockRequest = TRUE) does the function block switch the request signal for unlocking the safety equipment to SAFETRUE at its S_UnlockGuard output.

The S_UnlockGuard output controls the coil of the guard locking, i.e., it can lock or unlock the guard locking on the safety equipment.

Opening the safety equipment

Once the guard locking has been unlocked, the safety equipment can be opened.

The signal at input S_GuardMonitoring switches to SAFEFALSE if the safety equipment (door) connected to the function block is opened.

When the safety equipment is open, the zone of operation must remain in the defined safe state, i.e., input S_SafetyActive must remain SAFETRUE. If this is not the case and the monitoring function, which is performed outside of the function block, delivers a SAFEFALSE signal, the safety-related SF_GuardLocking function block switches to the error state and sets its Error output to TRUE. The defined safe state S_GuardLocked = SAFEFALSE is maintained.

Closing the safety equipment

The value SAFETRUE at the S_GuardMonitoring input of the function block indicates that the safety equipment is closed.

If the unlock request remains active (input UnlockRequest = TRUE) even after the safety equipment has been closed, the safety equipment can be opened again. If this is not the case (UnlockRequest = FALSE), the function block requests the guard locking on the safety equipment by setting its S_UnlockGuard output to SAFEFALSE. The safety equipment can then no longer be opened.

Locking the safety equipment

If the safety equipment monitored by the function block is closed again and the guard locking on the safety equipment is requested (UnlockRequest = FALSE), the function block switches its S_UnlockGuard output to SAFEFALSE. This output controls the coil responsible for locking the guard locking.

NOTE:

The fact that the safety equipment is locked is confirmed by means of a guard locking SAFETRUE feedback signal at the S_GuardLock input. However, if SAFEFALSE is detected at S_GuardLock in this situation, the S_GuardLocked output switches to SAFEFALSE and remains in this defined safe state. In addition, the Error output is switched to TRUE.

Start-up inhibit (S_StartReset)

S_StartReset is used to specify the start-up inhibit after activating the function block and/or starting the Safety Logic Controller.

S_StartReset = SAFEFALSE

After the Safety Logic Controller has been started up and/or the function block has been activated at input Activate, the start-up inhibit is active. The start-up inhibit is only removed if there is a positive signal edge at the Reset input.

Refer to the hazard message below this table.

S_StartReset = SAFETRUE

After the Safety Logic Controller has been started up and/or the function block has been activated at input Activate, no start-up inhibit is active.

Refer to the section "Attention when using ...".

Removing the start-up inhibit by means of a positive signal edge at the Reset input can cause the S_GuardLocked output to switch to SAFETRUE immediately (depending on the status of the other inputs).

 WARNING

UNINTENDED START-UP

  • Verify the impact of removing the start-up inhibit by means of a positive signal edge at the Reset input.

  • Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the start-up inhibit.

  • Do not enter the zone of operation when removing the start-up inhibit.

  • Ensure that no other persons can access the zone of operation when removing the start-up inhibit.

  • Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Restart inhibit (S_AutoReset)

S_AutoReset is used to specify the restart inhibit after the closed safety equipment has been locked.

S_AutoReset = SAFEFALSE

Once the closed safety equipment has been guarded (locked), the restart inhibit is active. The restart inhibit is only removed if there is a positive signal edge at the Reset input.

Refer to the hazard message below this table.

S_AutoReset = SAFETRUE

The restart inhibit is not specified. As soon as the closed safety equipment is guarded, resulting in SAFETRUE returning at input S_GuardLock, the S_GuardLocked output switches to SAFETRUE automatically.

Refer to the section "Attention when using ...".

After the restart inhibit has been removed, the status at the S_GuardLocked output can switch from SAFEFALSE to SAFETRUE.

 WARNING

UNINTENDED START-UP

  • Verify the impact of removing the restart inhibit by means of a positive signal edge at the Reset input.

  • Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the restart inhibit.

  • Do not enter the zone of operation when removing the restart inhibit.

  • Ensure that no other persons can access the zone of operation when removing the restart inhibit.

  • Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Attention when using S_AutoReset = SAFETRUE and/or S_StartReset = SAFETRUE

The start-up inhibit and/or restart inhibit must only be deactivated if it is certain that starting up/restarting the machine/system will not lead to a hazardous situation or that a suitable start-up/restart inhibit is in place at another location or using other means.

 WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS

  • Verify the impact of a deactivated start-up inhibit (S_StartReset = SAFETRUE) and/or restart inhibit (S_AutoReset = SAFETRUE) on your machine or process prior to implementation.

  • Observe the regulations given by relevant sector standards regarding the start-up/restart inhibit.

  • Verify that a suitable start-up inhibit is in place at another location or using other means.

Failure to follow these instructions can result in death, serious injury, or equipment damage.
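The signal behaviour described on this page, written as a simplified Python model for working out validation test cases (an added example, not the function block's implementation or vendor code). It shows the unlock condition, the two error conditions, and the start-up and restart inhibits. Assumptions: the names GuardLockingModel and step are hypothetical, Activate is taken as TRUE, Error stays latched, and the restart inhibit is re-armed whenever the guard is released.

```python
from dataclasses import dataclass

@dataclass
class GuardLockingModel:
    """Simplified model of the behaviour described above (Activate assumed TRUE).
    Error acknowledgement and diagnostics are not modelled."""
    s_start_reset: bool = False   # SAFEFALSE: start-up inhibit active after start
    s_auto_reset: bool = False    # SAFEFALSE: restart inhibit active after relocking
    guard_locked: bool = False    # S_GuardLocked output
    error: bool = False           # Error output, latched in this model (assumption)

    def __post_init__(self):
        self._startup_inhibit = not self.s_start_reset
        self._restart_inhibit = False
        self._prev_reset = False

    def step(self, guard_monitoring, guard_lock, safety_active,
             unlock_request, reset=False):
        """One cycle; returns (S_GuardLocked, S_UnlockGuard, Error)."""
        rising = reset and not self._prev_reset   # positive edge at Reset
        self._prev_reset = reset
        # Unlocking needs the defined safe state AND an unlock request.
        unlock_guard = safety_active and unlock_request
        secured = guard_monitoring and guard_lock and not unlock_guard

        if not guard_monitoring and not safety_active:
            self.error = True     # door open while the zone left the safe state
        if self.guard_locked and not guard_lock and not unlock_guard:
            self.error = True     # lock feedback lost while the guard was locked
        if rising:
            self._startup_inhibit = False
            if secured:
                self._restart_inhibit = False
        if not secured and not self.s_auto_reset:
            self._restart_inhibit = True   # armed whenever the guard is released
        self.guard_locked = (secured and not self.error
                             and not self._startup_inhibit
                             and not self._restart_inhibit)
        return self.guard_locked, unlock_guard, self.error
```

Each call to step is one evaluation cycle with the inputs in the order S_GuardMonitoring, S_GuardLock, S_SafetyActive, UnlockRequest, Reset.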