Prerequisites and Requirements for Using the Safety-Related Functions

General

The safety-related function STO (Safe Torque Off) does not remove power from the DC bus. The safety-related function STO only removes power to the motor. The DC bus voltage and the mains voltage to the drive are still present.

DANGER
	ELECTRIC SHOCK Do not use the safety-related function STO for any other purposes than its intended function. Use an appropriate switch, that is not part of the circuit of the safety-related function STO, to disconnect the drive from the mains power. Failure to follow these instructions will result in death or serious injury.

After the safety-related function STO is triggered, the motor can no longer generate torque and coasts down without braking.

WARNING
	UNINTENDED EQUIPMENT OPERATION Install a dedicated, external safety-related brake if coasting does not meet the deceleration requirements of your application. Failure to follow these instructions can result in death, serious injury, or equipment damage.

Holding Brake and Safety-Related Function STO

When the safety-related function STO is triggered, the power stage is immediately disabled. Applying the holding brake requires a certain amount of time. In the case of vertical axes or external forces acting on the load, you may have to take additional measures to bring the load to a standstill and to keep it at a standstill when the safety-related function STO is used, for example, by using a service brake.

WARNING
	FALLING LOAD Ensure that all loads come to a secure standstill when the safety-related function STO is used. Failure to follow these instructions can result in death, serious injury, or equipment damage.

If the suspension of hanging / pulling loads is a safety objective for the machine, then you can only achieve this objective by using an appropriate external brake as a safety-related measure.

WARNING
	UNINTENDED AXIS MOVEMENT Do not use the internal holding brake as a safety-related measure. Only use certified external brakes as safety-related measures. Failure to follow these instructions can result in death, serious injury, or equipment damage.

NOTE: The drive does not provide its own safety-related output to connect an external brake to use as a safety-related measure.

Stops with Stop Category 0 and Stop Category 1

IEC 60204-1 defines several stop categories for stop functions. As opposed to a stop with stop category 1 which actively decelerates the motor to a standstill (power available to the motor to achieve the stop) before power is removed, a stop with stop category 0 immediately removes power to the motor. Consequently, the motor coasts down to a standstill. Coasting down is subject to the external forces interacting with the load, such as inertia and gravity. The safety-related function STO corresponds to a stop with stop category 0.

Depending on your application, a stop with stop category 0 may not be sufficient to remove the hazards. For example, the available rotational or axial distance required to come to a complete standstill by coasting down may not be sufficient at a specific load. This could result in collisions of machine parts. In addition, the distance between the guard and hazardous machine parts must be sufficiently great so that a machine operator can only reach such parts after the coasting period has finished. Such distances are specified, for example, in ISO 13855.

WARNING
	UNINTENDED EQUIPMENT OPERATION Make certain that no hazards can arise for persons or material during the coast down period of the axis/machine. Do not enter the zone of operation during the coast down period. Ensure that no other persons can access the zone of operation during the coast down period. Use appropriate safety interlocks where personnel and/or equipment hazards exist. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

UNINTENDED EQUIPMENT OPERATION

Make certain that no hazards can arise for persons or material during the coast down period of the axis/machine.
Do not enter the zone of operation during the coast down period.
Ensure that no other persons can access the zone of operation during the coast down period.
Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Unintended Restart

WARNING
	UNINTENDED EQUIPMENT OPERATION Verify that your risk assessment covers all potential effects of automatic or unintended enabling of the power stage, for example, after power outage. Implement all measures such as control functions, guards, or other safety-related functions, required to reliably protect against all hazards that may result from automatic or unintended enabling of the power stage. Verify that a master controller cannot enable the power stage in an unintended way. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

UNINTENDED EQUIPMENT OPERATION

Verify that your risk assessment covers all potential effects of automatic or unintended enabling of the power stage, for example, after power outage.
Implement all measures such as control functions, guards, or other safety-related functions, required to reliably protect against all hazards that may result from automatic or unintended enabling of the power stage.
Verify that a master controller cannot enable the power stage in an unintended way.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING
	UNINTENDED EQUIPMENT OPERATION Set the parameter IO_AutoEnable to "off" if the automatic enabling of the power stage presents hazards in your application. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING
	UNINTENDED EQUIPMENT OPERATION Use Manual Start/Restart if unintended restart is a hazard according to your risk assessment. Failure to follow these instructions can result in death, serious injury, or equipment damage.

Direction of Movement and Scaling

Movements are made in positive or in negative directions. In the case of rotary motors, direction of movement is defined in accordance with IEC 61800-7-204: Positive direction is when the motor shaft rotates clockwise as you look at the end of the protruding motor shaft.

Modifying the parameter InvertDirOfMove (inversion of the direction of movement) does not modify the limit values in the safety module eSM.

Modifying the scaling parameters ScaleVELnum, ScaleVELdenom, ScaleRAMPnum and ScaleRAMPdenom does not modify the limit values in the safety module eSM.

Motor-Induced Movement With Active STO

In the case of a short circuit of the power stage transistors, a motor-induced movement is possible when the safety-related function STO is active. The maximum motor-induced movement in the case of active STO amounts to one half of the motor pole pitch.

WARNING
	INEFFECTIVE SAFETY-RELATED FUNCTION AND/OR UNINTENDED EQUIPMENT OPERATION In your risk assessment, take into account the specified maximum motor-induced movement possible when the safety-related function STO is active. Implement all measures required to remove the hazards that can result from such movements. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

INEFFECTIVE SAFETY-RELATED FUNCTION AND/OR UNINTENDED EQUIPMENT OPERATION

In your risk assessment, take into account the specified maximum motor-induced movement possible when the safety-related function STO is active.
Implement all measures required to remove the hazards that can result from such movements.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Type of motor	Unit	Maximum possible motor-induced movement
Motors with 3 pairs of poles	°	60
Motors with 4 pairs of poles	°	45

Degree of Protection With Safety-Related Functions

You must ensure that conductive substances cannot get into the product (pollution degree 2). Moreover, conductive substances may cause the safety-related function to become inoperative.

WARNING
	INOPERABLE SAFETY-RELATED FUNCTION Ensure that conductive substances (water, contaminated or impregnated oils, metal shavings, etc.) cannot get into the drive. Failure to follow these instructions can result in death, serious injury, or equipment damage.

Protected Cable Installation

If short circuits and other wiring errors such as a cross circuit between the signals of the safety-related function STO can be expected in connection with safety-related signals, and if these short circuits and cross circuits are not detected by upstream devices, protected cable installation as per ISO 13849‑2 is required.

In the case of an unprotected cable installation, the two signals (both channels) of a safety-related function may be connected to external voltage if a cable is damaged. If the two channels are connected to external voltage, the safety-related function is no longer operative.

ISO 13849-2 describes protected cable installation for cables for safety-related signals. The cables for the safety-related function STO must be protected against external voltage. A shield with ground connection helps to keep external voltage away from the cables for the signals of the safety-related function STO.

Ground loops can cause problems in machines. A shield connected at one end only is sufficient for grounding and does not create a ground loop.

Use shielded cables for the signals of the safety-related function STO.
Do not use the cable for the signals of the safety-related function STO for other signals.
Connect one end of the shield.