Functional description

The safety-related SF_EnableSwitch_SE function block evaluates the signals of a manually actuated three-stage enable switch (in accordance with EN 60204) in order to identify its switching stage and direction.

The SF_EnableSwitch_SE function block supports the Schneider Electric enable switch types "Preventa XY2 XY2AU1" and "Preventa XY2 XY2AU2". The function block evaluates 3 input signals (while the PLCopen SF_EnableSwitch function block evaluates two input signals). The function block additionally monitors signal equivalence at its inputs S_EnableSwitchCh1 and S_EnableSwitchCh3.

The connected enable switch can be used to remove safeguarding, provided that the appropriate operating mode (e.g., limitation of the speed or range of motion) is selected and active.

The safety-related function block may only enable the removal of the safeguarding following a change from switching stage 0 to switching stage 1. It is not permitted for the function block to remove the safeguarding with other switching directions or stages.

WARNING
	NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS Verify that the safety-related function block only enables the removal of the safeguarding following a change from switching stage 0 to switching stage 1. Failure to follow these instructions can result in death, serious injury, or equipment damage.

NOTE:

You must select the corresponding operating mode (limitation of the speed or range of motion) outside of the SF_EnableSwitch_SE function block. This also applies to the connection of the feedback signal (S_SafetyActive) which indicates whether or not the selected operating mode is active.

S_AutoReset can be used to specify a restart inhibit.

The function block executes stop category 0 at its S_EnableSwitchOut output.

Requirements to the enable switch

The SF_EnableSwitch_SE function block supports the Schneider Electric enable switch types "Preventa XY2 XY2AU1" and "Preventa XY2 XY2AU2". These are three-stage enable switches which meet the requirements of EN 60204.

Further Information:

The switching-path diagram, a connection scheme, and the resulting signals (switching stages) at the function block inputs can be found in the overview for this function block.

General requirements

The switching device used as enable switch must comply to the requirements of the EN 60204 standard. The operating mode must be selected according to your risk analysis.

WARNING
	NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS Verify that the operating mode of the machine according to your risk analysis is set. Verify that suitable measures safely block any automatic operation of the machine in this operating mode. Failure to follow these instructions can result in death, serious injury, or equipment damage.

You specify the operating mode by means of a mode selector switch in conjunction with the SF_ModeSelector function block.

The safety-related SF_EnableSwitch_SE function block processes the confirmation of the selected operating mode via the signal at input S_SafetyActive.

Equivalence evaluation of inputs S_EnableSwitchCh1 and S_EnableSwitchCh3

The function block monitors the equivalent switching operation at the inputs S_EnableSwitchCh1 and S_EnableSwitchCh3.

As a result of mechanical influences, signals may have a tolerance when switching contacts. By specifying the DiscrepancyTimeCh1_Ch3 value, the time period is defined within which the switching operations at the inputs S_EnableSwitchCh1 and S_EnableSwitchCh3 must occur to be recognized as valid. This means both inputs can switch to SAFETRUE or SAFEFALSE within the set discrepancy time.

Restart inhibit (S_AutoReset)

S_AutoReset is used to specify the restart inhibit after a valid signal combination returns at inputs S_EnableSwitchCh1, S_EnableSwitchCh2 and S_EnableSwitchCh3.

S_AutoReset = SAFEFALSE	Active restart inhibit after error message. The restart inhibit is only removed if there is a positive signal edge at the Reset input.¹
S_AutoReset = SAFETRUE	Restart inhibit is not specified. As soon as the enable switch applies a valid signal combination at the inputs again following an error message, the function block switches the enable output accordingly.²

¹	After the restart inhibit has been removed, the status at the S_EnableSwitchOut output can switch from SAFEFALSE to SAFETRUE immediately if there is a valid signal combination at the other inputs.

WARNING
	UNINTENDED START-UP Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input. Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting. Do not enter the zone of operation when resetting. Ensure that no other persons can access the zone of operation when resetting. Use appropriate safety interlocks where personnel and/or equipment hazards exist. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

UNINTENDED START-UP

Include in your risk analysis the impact of the reset by means of a positive signal edge at the Reset input.
Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to help avoid hazardous situations when resetting.
Do not enter the zone of operation when resetting.
Ensure that no other persons can access the zone of operation when resetting.
Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

²	The restart inhibit must only be deactivated (S_AutoReset = SAFETRUE) if it is certain that starting up the machine/system will not lead to a hazardous situation or that a suitable restart inhibit is in place at another location or using other means.

WARNING
	NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS Be sure that your risk analysis includes an evaluation if the restart inhibit is deactivated (S_AutoReset = SAFETRUE). Observe the regulations given by relevant sector standards regarding the restart inhibit. Verify that a suitable start-up inhibit is in place at another location or using other means if the restart inhibit is deactivated by setting S_AutoReset = SAFETRUE. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS

Be sure that your risk analysis includes an evaluation if the restart inhibit is deactivated (S_AutoReset = SAFETRUE).
Observe the regulations given by relevant sector standards regarding the restart inhibit.
Verify that a suitable start-up inhibit is in place at another location or using other means if the restart inhibit is deactivated by setting S_AutoReset = SAFETRUE.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Start-up inhibit after the Safety Logic Controller has been started up

If a confirmation that the operating mode has been set (input S_SafetyActive = SAFETRUE) already exists when the Safety Logic Controller is started up, the signal combination for switching stage 0 (enable switch not actuated) must be present at inputs S_EnableSwitchCh1, S_EnableSwitchCh2 and S_EnableSwitchCh3. If not, the function block outputs an error message and the S_EnableSwitchOut output remains in the defined safe state SAFEFALSE.