BU0235 EN 2917 Screen

Download as pdf or txt
Download as pdf or txt
You are on page 1of 48

BU 0235 – en

Functional Safety
Supplementary manual for series SK 250E-FDS
Functional Safety – Supplementary manual for series SK 250E-FDS

Table of Contents
1 Introduction ................................................................................................................................................. 4
1.1 General .............................................................................................................................................. 4
1.1.1 Documentation ..................................................................................................................... 4
1.1.2 Document History ................................................................................................................. 4
1.1.3 About this manual ................................................................................................................. 5
1.2 Other applicable documents .............................................................................................................. 5
1.3 Presentation conventions ................................................................................................................... 5
1.3.1 Warning information ............................................................................................................. 5
1.3.2 Other information .................................................................................................................. 5
2 Safety, installation and operating instructions......................................................................................... 6
3 Function description ................................................................................................................................... 9
3.1 Safe shut-down methods ................................................................................................................. 10
3.1.1 Safe Pulse Block ................................................................................................................ 10
3.2 Digital inputs (DIN1 / DIN4) .............................................................................................................. 11
3.3 Safety functions ............................................................................................................................... 12
3.3.1 Safe Torque Off, STO ......................................................................................................... 12
3.3.2 Safe Stop 1, SS1 ................................................................................................................ 12
3.4 Examples / Implementation .............................................................................................................. 13
3.4.1 STO function....................................................................................................................... 13
3.4.2 SS1 Function ...................................................................................................................... 15
3.4.3 Simple restart block ............................................................................................................ 16
3.4.4 Example without safe shut-down method ........................................................................... 17
3.4.5 Ruling out wiring faults ....................................................................................................... 18
4 Assembly and installation ........................................................................................................................ 20
4.1 Installation and assembly ................................................................................................................. 20
4.2 Electrical connection ........................................................................................................................ 20
4.2.1 Wiring guidelines ................................................................................................................ 20
4.2.2 Mains connection................................................................................................................ 20
4.2.3 Control cable connections .................................................................................................. 21
4.2.3.1 Control level 21
4.2.3.2 Configuration of option slots on the control level 22
4.2.3.3 Control connection details 23
4.3 Details of the safe shut-down method .............................................................................................. 24
4.3.1 Safe shut-down method - Safe Pulse Block ....................................................................... 24
4.3.1.1 Operation with OSSD 24
4.3.1.2 EMC 24
4.3.1.3 Example – operation of multiple devices 25
5 commissioning .......................................................................................................................................... 26
5.1 Commissioning steps for STO ......................................................................................................... 27
5.2 Commissioning of SS1 ..................................................................................................................... 27
5.3 Validation ......................................................................................................................................... 28
6 Parameters ................................................................................................................................................. 29
6.1 Description of parameters ................................................................................................................ 29
6.1.1 Control terminals ................................................................................................................ 30
6.1.2 Additional parameters......................................................................................................... 32
7 Operating status messages ..................................................................................................................... 33
8 Additional information .............................................................................................................................. 35
8.1 Protective switching devices ............................................................................................................ 35
8.1.1 Output voltage .................................................................................................................... 35
8.1.2 Switching capacity and current load ................................................................................... 35
8.1.3 OSSD outputs, test pulses ................................................................................................. 36
8.2 Safety categories ............................................................................................................................. 37
8.2.1 IEC 60204-1:2005 .............................................................................................................. 37
8.2.2 IEC 61800-5-2:2007 ........................................................................................................... 37
8.2.3 IEC 61508:2010.................................................................................................................. 37
8.2.4 ISO 13849-1:2015 .............................................................................................................. 38

2 BU 0235 en-2917
Table of Contents
9 Technical Data ........................................................................................................................................... 39
9.1 Data for the Safe Pulse Block .......................................................................................................... 40
9.2 Data for digital inputs ....................................................................................................................... 41
10 Appendix .................................................................................................................................................... 42
10.1 Repair information ............................................................................................................................ 42
10.2 Service and commissioning information ........................................................................................... 43
10.3 Documents and software ................................................................................................................. 43
10.4 Certificates ....................................................................................................................................... 43
10.5 Abbreviations ................................................................................................................................... 44

BU 0235 en-2917 3
Functional Safety – Supplementary manual for series SK 250E-FDS

1 Introduction

1.1 General

1.1.1 Documentation
Name: BU 0235
Part number: 6072352
Series: Functional safety for frequency inverters from the
series
NORDAC Link (SK 250E … SK 280E)
Scope of application: SK 260E-FDS,
SK 280E-FDS

1.1.2 Document History

Issue Version Remarks

Order number Software


BU 0235, March 2017 V 1.1 R1 First issue
6072352/ 1217
BU 0235, July 2017 V 1.1 R2 Completion of a link to the TÜV certificate for
6072352/ 2917 frequency inverters with "Safe Shut-down
Methods"

4 BU 0235 en-2917
1 Introduction

1.1.3 About this manual


This manual is intended to help you with the commissioning of the "Safe Stop" function (STO or SS1)
of a frequency inverter or motor starter from Getriebebau NORD GmbH & Co. KG (NORD). It is
intended for all qualified electricians who plan, install and set up corresponding drive solutions (
Section 2 "Safety, installation and operating instructions"). The information in this manual assumes
that the qualified electricians who are entrusted with this work are familiar with the handling of
electronic drive technology, in particular with NORD devices.
This manual only contains information and descriptions of the functional safety and additional
information which is relevant for the functional safety of frequency inverters manufactured by
Getriebebau NORD GmbH & Co. KG.

1.2 Other applicable documents


This document is only valid in combination with the operating instructions for the frequency inverter
which is used. Safe commissioning of the drive application depends on the availability of the
information contained in this document.. A list of the documents can be found in  Section 10.3
"Documents and software".
The necessary documents can be found under www.nord.com.

1.3 Presentation conventions

1.3.1 Warning information


Warning information for the safety of the user and the bus interfaces are indicated as follows:

DANGER
This warning information warns against personal risks, which may cause severe injury or death.

WARNING
This warning information warns against personal risks, which may cause severe injury or death.

CAUTION
This warning information warns against personal risks, which may cause slight or moderate injuries.

NOTICE
This warning warns against damage to material.

1.3.2 Other information

Information
This information shows hints and important information.

BU 0235 en-2917 5
Functional Safety – Supplementary manual for series SK 250E-FDS

2 Safety, installation and operating instructions

Before working on or with the device, please read the following safety instructions extremely carefully.
Please pay attention to all other information from the device manual.
Non-compliance can result in serious or fatal injuries and damage to the device or its surroundings.
These safety instructions must be kept in a safe place!

1. General
During operation, depending on their protection class, devices may have live bare components as well
as hot surfaces.
The device operates with a dangerous voltage. Dangerous voltage may be present at the supply lines,
contact strips and PCBs of all connecting terminals (e.g. mains input, motor connection), even if the
device is not working or the motor is not rotating (e.g. caused by electronic disable, jamming of the
drive or a short circuit at the output terminals).
The device is not equipped with a mains switch and is therefore always live when connected to the
power supply.
Even if the drive unit has been disconnected from the mains, a connected motor may rotate and
possibly generate a dangerous voltage.
If you come into contact with dangerous voltage such as this, there is a risk of an electric shock, which
can lead to serious or fatal injuries.
Unauthorised removal of covers, improper use, incorrect installation or operation causes a risk of
serious personal injury or material damage.
The heat sink and all other metal components can heat up to temperatures above 70 °C.
Touching parts such as this can result in local burns to the body parts concerned (cooling times and
clearance from neighbouring components must be complied with).
Further information can be found in this documentation.
All transportation, installation, commissioning and maintenance work must be carried out by qualified
experts (pay attention to IEC 364 or CENELEC HD 384 or DIN VDE 0100 and IEC 664 or
DIN VDE 0110 and the national accident prevention regulations).

2. Qualified experts
For the purposes of these basic safety instructions, qualified personnel are persons who are familiar
with the assembly, installation, commissioning and operation of this product and who have the
relevant qualifications for their work.
Furthermore, the device and the associated accessories may only be installed and started up by
qualified electricians. An electrician is a person who, because of their technical training and
experience, has sufficient knowledge with regard to
• switching on, switching off, isolating, earthing and marking power circuits and devices,
• proper maintenance and use of protective devices in accordance with defined safety standards.

3. Correct purpose of use – general


The frequency inverters are devices for industrial and commercial systems used for the operation of
three-phase asynchronous motors with squirrel-cage rotors and Permanent Magnet Synchronous
Motors – PMSM. These motors must be suitable for operation with frequency inverters, other loads
must not be connected to the devices.
The devices are components intended for installation in electrical systems or machines.

6 BU 0235 en-2917
2 Safety, installation and operating instructions
Technical data and information for connection conditions can be found on the rating plate and in the
documentation, and must be complied with.
The devices may only be used for safety functions which are described and explicitly approved.
CE-labelled devices fulfil the requirements of the Low Voltage Directive 2014/35/EU. The stated
harmonized standards for the devices are used in the declaration of conformity.
a. Supplement: Correct purpose of use within the European Union
When installed in machines, the devices must not be commissioned (i.e. commencement of
proper use) until it has been ensured that the machine fulfils the provisions of EC Directive
2006/42/EC (Machinery Directive); EN 60204 must also be complied with.
Commissioning (i.e. start-up of proper use) is only permitted if the EMC directive (2014/30/EU)
has been complied with.
b. Supplement: Correct purpose of use outside the European Union
The local conditions of the operator for the installation and commissioning of the device must be
complied with at the usage location (see also "a) Supplement: Correct purpose of use within the
European Union").

4. Transport, storage
The information in the manual regarding transport, storage and correct handling must be complied
with.
5. Installation
Ensure that the device and the motor are specified for the correct supply voltage.
The installation and cooling of the equipment must be implemented according to the regulations in the
corresponding documentation.
The devices must be protected against impermissible loads. Especially during transport and handling,
components must not be deformed and/or insulation distances must not be changed. Touching of
electronic components and contacts must be avoided.
The devices contain electrostatically sensitive components, which can be easily damaged by incorrect
handling. Electrical components must not be mechanically damaged or destroyed (this may cause a
health hazard!).
6. Electrical connection
Installation and work must not be carried out unless the device has been disconnected from the
voltage and at least 5 minutes has elapsed since the mains was switched off! (The equipment may
continue to carry hazardous voltages for up to 5 minutes after being switched off at the mains).
When working on live devices, the applicable national accident prevention regulations must be
complied with (e.g. BGV A3, formerly VBG 4).
The electrical installation must be implemented as per the applicable regulations (e.g. cable cross-
section, fuses, earth lead connections). Further instructions can be found in the documentation.
Information regarding EMC-compliant installation (such as shielding, earthing, location of filters and
routing of cables) can be found in the documentation for the devices. CE marked devices must also
comply with these instructions. Compliance with the limit values specified in the EMC regulations is
the responsibility of the manufacturer of the system or machine.
In case of a fault, insufficient earthing may cause an electric shock with possibly fatal consequences if
the device is touched.
Because of this, the device is only intended for permanent connection and may not be operated
without effective earthing connections which comply with local regulations for large leakage currents
(> 3.5 mA).

BU 0235 en-2917 7
Functional Safety – Supplementary manual for series SK 250E-FDS
The voltage supply of the device may directly or indirectly put it into operation, or touching electrically
conducting components may then cause an electric shock with possible fatal consequences.
All phases of all power connections (e.g. power supply) must always be disconnected.

7. Operation
Do not use defective devices or devices with defective or damaged housings or missing covers.
Otherwise there is a risk of serious or fatal injuries caused by electric shock or bursting electrical
components such as powerful electrolytic capacitors.
Where necessary, systems in which the devices are installed must be equipped with additional
monitoring and protective equipment according to the applicable safety requirements (e.g. legislation
concerning technical equipment, accident prevention regulations, etc.).
The parametrisation and configuration of the devices must be selected so that no hazards can occur.
All covers must be kept closed during operation.
With certain setting conditions, the device or the motor which is connected to it may start automatically
when the mains are switched on. The machinery which it drives (press / chain hoist / roller / fan etc.)
may then make an unexpected movement. This may cause various injuries, including to third parties.
Before switching on the mains, secure the danger area by warning and removing all persons from the
danger area.
8. Maintenance and repairs
Live equipment components and power connections should not be touched immediately after
disconnecting the devices from the power supply because of possible charged capacitors. Observe
the applicable information signs located on the device.
Further information can be found in this documentation.

9. Potentially explosive environment (ATEX)


The device is not approved for operation or maintenance work in potentially explosive environments
(ATEX).

8 BU 0235 en-2917
3 Function description

3 Function description

To avoid danger to persons and to prevent damage to material, machines must be able to be switched
off safely. The frequency inverters stated in this document provide safe shut-down methods.
The following basic explanation of the function of a frequency inverter serves to provide better
understanding of the function of safe shut-down methods:
The mains voltages are rectified and the resulting DC links circuit voltage is reconverted to AC
according to the requirements of the operating status of the motor (frequency and voltage).
The semiconductor switches of the inverter (T1 to T6) are controlled by a highly complex pulse
pattern. This pulse pattern is generated by the micro-controller (µC) and amplified by the driver. The
drivers convert the logic signals on the control voltages of the semiconductor switch. The
semiconductor switches are switched via the control voltage and the pulse pattern is amplified and
applied to the motor terminals. Due to the low-pass effect of the motor, a three-phase pulse width
modulated sine wave voltage, a three-phase system, results from the pulsed voltage. The motor
generates a torque.

1 I/O fast stop


2 Micro-controller
3 Logic
4 Driver
5 Undervoltage detection, current limitation
6 Input circuits
7 Option "Safe Pulse Block"
8 DC/DC converter, connected depending
on the version

Figure 1: Structure of Safe Pulse Block

By the use and combination of safe shut-down methods and digital inputs (DIN1 / DIN4) the safety-
related stop functions STO and SS1 as well as a simple restart block can be implemented with various
safety and performance levels.

BU 0235 en-2917 9
Functional Safety – Supplementary manual for series SK 250E-FDS

3.1 Safe shut-down methods


With a safe shut-down method, the torque is switched off and a stop function is carried out. As this has
priority over other control functions this stop-function is suitable for stopping in emergencies. This
function is known as "Safe Torque Off" or STO.
The safe switch-off of the torque according to the STO safety function depends on the interruption of
the flow of current to the motor.
The following switch-off methods are available for this:
• “Safe Pulse Block“

It is also possible to first stop the motor in a controlled manner and then to switch off the torque. This
function is referred to as "Safe Stop 1" or SS1

3.1.1 Safe Pulse Block


Devices equipped with a "Safe Pulse Block" have an additional DC/DC converter, which produces the
supply voltage for the driver from a 24V supply (Contacts 24V_SH, GND_SH).

If the external 24 V voltage is switched off then the DC/DC converter does not transmit any power to
the drivers. As the drivers are now no longer supplied with power, no pulses reach the semiconductor
switches (T1 to T6) of the inverter. The flow of current in the semiconductor switches and in the motor
is interrupted i.e. after a certain reaction time of the electronics and the reduction time of the motor
current, the motor does not develop a driving torque.
The switch-off of the 24V supply via contacts 24V_SH, GND_SH must be carried out by a fail-safe
switching device. For this, either the contact 24V_SH or the connection GND_SH contact may be
disconnected from the 24V source. Preferably, the 24V_SH connection is disconnected

Safety output Safety output Safety output Frequency inverter


or or

10 BU 0235 en-2917
3 Function description

3.2 Digital inputs (DIN1 / DIN4)


In order to implement a safety function, the digital inputs (DIN1 / DIN4)can be used as auxiliary inputs,
e.g. for the triggering of a braking process. It should be noted that the digital inputs only fulfil minimum
safety requirements. A safe shut-down method is always required!
The digital inputs, further I/Os and the 24 V supply have a common earth. This means that a digital
input may only be switched off by disconnection of its connection. Switch-off via GND is not
possible!

Safety output Safety output Safety output Filter for Frequency inverter
OSSD
(optional)

When operating with an OSSD a filter is only required for environments with high levels of
interference.
If only low levels of functional safety are required, the safety function can also be implemented with
the digital inputs. It is recommended that this is only considered if the risk assessment has shown that
slight (normally temporary) injuries could result on failure of the safety function (see also 
Section 8.2). In case of doubt, a safe shut-down method should always be used.

WARNING Loss of safety function


Digital input DIN4 can optionally be connected via M1 or M2.
Parallel connection of DIN4 to M1 und M2 with different sensor signals or from different signal sources causes
a loss of the safety function, as for technical reasons, overlapping of the signals cannot be excluded. Parallel
connection is therefore not permissible

BU 0235 en-2917 11
Functional Safety – Supplementary manual for series SK 250E-FDS

3.3 Safety functions

WARNING Mechanical brake failure


Control of a mechanical brake by means of the frequency inverter is not fail-safe!
Triggering of the "STO" function causes the application of a mechanical brake which is controlled by the
frequency inverter. The brake takes on the entire load of the drive units with all of its rotating masses and
attempts to stop it.
A brake which is not designed for this (e.g. a holding brake) may be damaged and may fail. This can result in
severe or even fatal injuries or damage to the system, e.g. due to falling loads (lifting gear).
Therefore, with the use of a brake
• This must be designed as an operating brake, or
• It must be ensured that the drive unit is stopped before the "STO" function is activated.

3.3.1 Safe Torque Off, STO


With the STO function the drive torque is switched off as quickly as possible (see Technical Data 
Reaction Time) and the drive (motor and machine) runs down to a standstill. This behaviour
corresponds to stop category 0 (uncontrolled braking) according to EN 60204-1. Therefore an
undefined time elapses before the drive unit does not carry out any further hazardous movement and
a safe state is achieved. Detection of whether or when the drive unit has achieved a safe state is not
integrated into the frequency inverter.
Depending on the switching equipment used and the use of a safe shut-down method, an STO
function with Safety Category 4 as per DIN EN ISO 13849-1 can be implemented.

3.3.2 Safe Stop 1, SS1


With the function SS1 the motor is initially braked by the frequency inverter. After standstill, the
function STO is switched to. This behaviour corresponds to stop category 1 (controlled braking)
according to EN 60204-1. Switching to the STO function can be monitored after reaching standstill or
can be carried out via a fail-safe timing relay (delayed output of a safety circuit device).

Information Controlled braking


Controlled braking is triggered via a digital input and only complies with low safety requirements!
If controlled braking fails, the function switches over to STO.
If necessary, the braking process must be monitored.

12 BU 0235 en-2917
3 Function description

3.4 Examples / Implementation


The following illustrates several examples of solutions for the safety functions STO and SS1.

3.4.1 STO function


Implementation of a safety function usually requires the use of a protective switching device. The
safety category of the function is determined by the component with the lowest category.
1)
Emergency Safety switching device Shielded cables Frequency inverter
stop button
Use of the
"Safe Pulse
Block"
Reset

1) Shielded cables to exclude faults as per DIN EN ISO 13849-2

1 Supply voltage
2 Reset circuit
3 Input circuit with cross-circuit detection
4 Safety output

In this example, Safety Category 4 as per DIN ISO 13849-1 can be achieved. The prerequisite for this
is that the emergency stop button, the protective switching device and the wiring fulfil the requirements
for Category 4. For example, this can be achieved as follows:
• Redundant protective switching device with self-monitoring
• Dual-channel input circuit with cross-wire recognition (and appropriate emergency stop button)
• Safety output with periodic switch-off tests (OSSD)
• Exclusion of faults as per DIN ISO 13849-2 for the wiring between the switching device and the input
terminals of the safe shut-down method, by the use of a shielded cable and connection of the
shield at both ends.
If the "Safe Pulse Block" is triggered for an enabled frequency inverter, this results in an error E018
(18.0 "Safety Circuit ").
To prevent this, a digital input (DIN1 / DIN4) can be parameterised with the function "10" ("Block
Voltage").
The typical reaction time can be reduced by the additional use of a digital input. A second safety
output is required to control the digital input.

BU 0235 en-2917 13
Functional Safety – Supplementary manual for series SK 250E-FDS
This solution is preferable, especially in cases where the switching device only checks its safety
outputs in the course of an enabling cycle, as is the case with some electro-mechanical switching
devices. A suitable checking interval must be specified according to the safety requirements.
1)
Emergency Safety switching device Shielded cables Frequency inverter
stop button
Use of the
"Safe Pulse
Block"
Reset

1) Shielded cables to exclude faults as per DIN EN ISO 13849-2

1 Supply voltage
2 Reset circuit
3 Input circuit with cross-circuit detection
4 Safety output 1
5 Safety output 2
6 Filter for OSSD (optional) – only necessary in environments with high levels of interference

A separate shielded cable must be used for connecting each of the safety outputs! However, with the
use of a protective switching device with cross-circuit monitoring of OSSD outputs, the cables of both
safety outputs can also be run in a common shielded cable.
The requirements for Safety Category 4 are only fulfilled by the "Safe Pulse Block" function. The
digital inputs (DIN1 / DIN4) only achieve Safety Category 1 and PL c (Performance Level c).
During the period between activation of the safety function via a digital input and activation of the STO
via the connections "24 V SH" and "GND SH" the frequency inverter can also only fulfil Safety
Category 1 and PL c.

14 BU 0235 en-2917
3 Function description

3.4.2 SS1 Function


A digital input is always necessary in order to implement the SS1 function. With this digital input, a
braking action is initiated by the frequency inverter. For this, the digital input is parameterised to the
function "11"(Fast Stop).
1)
Emergency Safety switching device Shielded cables Frequency inverter
stop button
Use of the
"Safe Pulse
Block"
Reset

1) Shielded cables to exclude faults as per DIN EN ISO 13849-2

1 Supply voltage
2 Reset circuit
3 Input circuit with cross-circuit detection
4 Safety output 1 (delayed)
5 Safety output 2
6 Filter for OSSD (optional) – only necessary in environments with high levels of interference

Actuation of the emergency stop button (call-up of the safety function) initially triggers a controlled
braking action via a digital input "DIN". In this case it must be ensured that the drive is brought to
standstill within the parameterised fast stop time P426. After a delay time which is controlled by a
protective switching device, STO is triggered. The delay time must be dimensioned so that the delay is
longer than the fast stop time plus the DC run-on time P559. The delay time must be selected so as to
be fail-safe.
After the delay time which is set in the protective switching device has elapsed, the frequency inverter
always switches to the STO function. This also applies in the case of failure of the controlled braking
action.
A separate shielded cable must be used for connecting each of the safety outputs! However, with the
use of a protective switching device with cross-circuit monitoring of OSSD outputs, the cables of both
safety outputs can also be run in a common shielded cable.
The requirements for Safety Category 4 are only fulfilled by the "Safe Pulse Block" function. The
digital inputs (DIN1 / DIN4) only achieve Safety Category 1 and PL c (Performance Level c).
During the period between activation of the safety function via a digital input and activation of the STO
via the connections "24 V SH" and "GND SH" the frequency inverter can also only fulfil Safety
Category 1 and PL c.

BU 0235 en-2917 15
Functional Safety – Supplementary manual for series SK 250E-FDS

3.4.3 Simple restart block


Safety Category 4 as per DIN ISO 13849-1 can be achieved with a direct dual-channel triggering of
the "Safe Pulse Block" with the aid of a safe switching element. The following illustration shows an
example with an emergency stop switch (positively opening contacts, Safety Category 4).
1)
Emergency stop button Shielded cables Frequency inverter

1) Shielded cables to exclude faults as per DIN EN ISO 13849-2

To achieve Safety Category 4, fault exclusion as per EN 13849-2 Section D.5 must be possible for the
upstream components (hard-wiring and dual-channel button with independent, positive-opening
contacts) i.e., in this example, the emergency-stop button and the wiring must be designed in such a
way that short-circuiting at the emergency-stop button and to other live systems can be ruled out.
In this example, there is no reset circuit as is the case with the protective switching devices. If the
result of risk analysis is that cancellation of the stop command must be acknowledged by intended
manual action, then the resetting requirements can be fulfilled organisationally (e.g. by an emergency
stop button with key releasing device and storage of the key away from the machine).
If the "Safe Pulse Block" is triggered for an enabled frequency inverter, this results in an error E018
(18.0 "Safety Circuit ").

Information Functions P428 and P506


With use of the function P506 "Automatic Fault Acknowledgement" And P428 "Automatic Start" (refer to the
description in the manual BU 0250) the drive unit starts immediately after the emergency stop button has been
released. Because of this, it is urgently recommended that these functions are not used in combination and
especially not for safety-relevant applications.

16 BU 0235 en-2917
3 Function description

3.4.4 Example without safe shut-down method


It is only possible to implement the safety functions STO or SS1 with a digital input and a protective
switching device. However, with this switching variant, according to DIN EN ISO 13849-1 the
maximum safety category which can be achieved is Safety Category 1. However, the condition for this
is that in addition to the digital input, all other components (protective switching device, emergency
stop button, wiring) also fulfil the requirements for Category 1.
1)
Emergency Protective switching device Shielded cables Frequency inverter
stop button
Use of a digital input
Reset

1) Shielded cables to exclude faults as per DIN EN ISO 13849-2

1 Supply voltage
2 Reset circuit
3 Input circuit with cross-circuit detection
4 Not available
5 Safety output
6 Filter for OSSD (optional) – only necessary in environments with high levels of interference

To implement the safety function STO, the digital input is parameterised to function "10" (Block
Voltage).
For the safety function SS1 the digital input is parameterised with function "11" ("Fast Stop"). The fast
stop time is set via parameter P426. It must be ensured that the drive is actually brought to standstill
within the parameterised fast stop time.

Information Safety category


Implementation of safety switching without a safe shut-down method (as described above) only enables
compliance with Safety Category 1 (or Performance Level c) as a maximum. This switching variant also does not
have SIL capability ( Section 8.2 "Safety categories")
This switching version should therefore only be considered if only low requirements for functional safety need to
be fulfilled and if the risk assessment has shown that failure of the safety function can only result in slight (usually
temporary) injuries (Section 8.2 "Safety categories"). In case of doubt, a safe shut-down method should always
be used ( Section 3.1 "Safe shut-down methods")

BU 0235 en-2917 17
Functional Safety – Supplementary manual for series SK 250E-FDS

3.4.5 Ruling out wiring faults


In the examples above, a separate shielded cable, whose shield is connected at both ends is used for
each of the inputs which are used for the implementation of the safety function (see also the following
illustration). These measures serve to rule out faults as per DIN EN ISO 13849-2 in case of a short
circuit between any of the conductors.
This exclusion of faults is necessary in order to fulfil the requirements of Safety Category 4 as per DIN
EN ISO 13849-1. This means that, neither a single detected fault or an accumulation of undetected
faults can result in the loss of the safety function. A short circuit from an external voltage, e.g. from a
24V control cable, to the 24V input of a safe shut-down method could lead to the loss of a safety
function i.e. this fault must be prevented by means of suitable measures.
The use of a separate shielded cable for each input is not mandatory. For example, the cables for the
digital inputs and the safe shut-down method may be jointly run in a shielded cable, if the monitored
safety outputs of the switching device are equipped with cross-circuit detection (see the following
illustration). If necessary, the effectiveness of the short-circuit detection must be demonstrated.
1)
Safety output on the safety switching Shielded cables Frequency inverter
device
Use of the
"Safe Pulse
Block"
Monitored outputs without
cross-circuit detection

Output 1

Output 2
Monitored outputs with cross-

Output 1
circuit detection

Output 2

1) Shielded cable to exclude faults as per DIN EN ISO 13849-2, for connection of the safety outputs to a digital input with optional filter for
OSSD (only necessary in environments with high levels of interference).

Other measures (separate cable duct, installation in armoured conduit, etc.) are possible. More
precise details result from the risk assessment and the FMEA for the specific application.
For the "Safe Pulse Block" it is also conceivable that this is triggered via two safety outputs, one
switching the 24 V output and the other switching the GND output.

18 BU 0235 en-2917
3 Function description
Safety output on the safety switching Connection cable Frequency inverter
device
Use of the
"safe pulse block"

Output 1
Monitored outputs

Output 2

In this case a shielded cable is not strictly necessary if both safety outputs are monitored. If, for
example, other 24V control cables are laid in the same cable duct and a fault in the form of a short-
circuit from 24V_SH to a control cable (=24 V) is assumed, this fault would be detected by the output
monitoring of the switching device and the "Safe Pulse Block" would be triggered by the second safety
output. More precise details result from the FMEA for the specific application.
If a shielded cable is not used for the wiring of the safety function, the effects of electromagnetic fields
may need to be taken into account. Hence the use of a 1 m long cable (in a separate cable duct) in an
environment without strong electromagnetic fields is relatively safe, while the installation of a long
cable in the direct vicinity of a powerful transmitter or a medium voltage distributor may cause the
failure of the safety function. Because of this, the use of shielded cables is generally recommended.

BU 0235 en-2917 19
Functional Safety – Supplementary manual for series SK 250E-FDS

4 Assembly and installation

The installation instructions contained in this manual only deal with issues that are related to functional
safety. For further information, please refer to the manual for the relevant frequency inverter (BU
0250).

4.1 Installation and assembly


The installation instructions in BU 0250 must be observed!

4.2 Electrical connection


The information for installation or electrical connection from the manual BU 0250 as well as all of the
following information must be observed.

WARNING Electric shock


Touching electrically conducting components may cause an electric shock and severe or possibly fatal injury.
• Disconnect the frequency inverter from the power supply before starting installation work.
• Only work on devices which have been disconnected from the power supply.

WARNING Electric shock


The frequency inverter carries hazardous voltage for up to 5 minutes after being switched off.
• Only start work after a waiting period of at least 5 minutes after switching off the mains supply
(disconnection).

4.2.1 Wiring guidelines


The wiring guidelines from the frequency inverter manual (BU 0250) apply!

4.2.2 Mains connection


Devices which implement a safety function may only be operated on TN and TT networks. The
equipment has not been designed for operation at IT and "Grounded Corner" networks.

20 BU 0235 en-2917
4 Assembly and installation

4.2.3 Control cable connections


Electrical connections are made exclusively with plug connectors.

4.2.3.1 Control level

Position: front

The configuration and functions of the


individual option slots are variable. They
are directly influenced by the customer's
specification, but are also indirectly
dependent on the further features.
The meaning of the LEDs which are
assigned for each option slot is also
dependent.

D1 = Diagnostic opening
E1 = Status indicators (LEDs)
H1 = Control element 1
H2 = Control element 2
M1 =
… Signal connections
M8 =

BU 0235 en-2917 21
Functional Safety – Supplementary manual for series SK 250E-FDS

4.2.3.2 Configuration of option slots on the control level


The option slots M1 to M8 are designed for M12 plug connectors. The configuration of the connections
or functions for the individual option slots which are relevant for the frequency inverter is printed
directly on the option slot. Only those functions which can be associated with the safe stop function
are stated below.
Option slot Option type Function Relevant Comments
parameters

M1 a No option
b Initiator 1 INI1 DIN1 P420[-01]
DIN4 P420[-04]
M2 a No option
b Initiator 2 INI2 DIN4 P420[-04]
M3 a No option
b Actuator 1 Act1 DOUT1 P434[-01]
DOUT2 P434[-02]
M4 a No option
b Actuator 2 Act2 DOUT2 P434[-02]
M6 a Safe Stop STO

Plug connections for M12 plug connectors


Depending on the function, 5-pin M12 surface mounted plug connectors with coloured sockets or plug
inserts are installed. The colours reflect the functional assignment of the plug connector and therefore
enable easy identification on the FI. The same applies for the colour coding of the cover caps.
The following plug connectors may be used on the device, depending on the customer's specification.

Only those functions associated with the Safe Stop function are stated.
Option slots M1 to M8

Function Plug connectors Option slot


Contact diagram Contact assignments

1 2 3 4 5 No. Colour
DIN1 / DIN4 24 V DIN4 GND DIN1 PE M1 black
DIN4 24 V GND DIN4 PE M2 black
DOUT1 / DOUT2 24 V DOUT2 GND DOUT1 PE M3 black
DOUT2 24 V GND DOUT2 PE M4 black
STO GND SH 24 V SH M6 yellow

22 BU 0235 en-2917
4 Assembly and installation

4.2.3.3 Control connection details


Meaning, Functions Description / Technical data
Contact Parameter
(designation) Meaning No. Function of factory setting
Digital outputs Signalling of the operating statuses of the FI
according to EN 61131-2 Maximum load 50 mA
24 V DC
With inductive loads: Provide protection
via free-wheeling diode!
DOUT1 Digital output 1 P434 [-01] No function
DOUT2 Digital output 2 P434 [-02] No function
Information for bus control:
The digital outputs can be set with the user bits in the control word.
DOUT1: P480 [-11] = Control word Bit 8
DOUT2: P480 [-12] = Control word Bit 9

Information Digital output


A digital output can be used to indicate the status of the "Safe Pulse Block". It should be noted that this status
indication is not fail-safe.
Digital inputs Actuation of device via an external controller, switch or similar
according to EN 61131-2, type 1 Input capacitance
Low: 0-5 V (~ 9.5 kΩ) 10 nF (DIN1, DIN4)
High: 15-30 V (~ 2.5 - 3.5 kΩ)
Scan time: 1 ms
Reaction time: 4 - 5 ms
DIN1 Digital input 1 P420 [-01] No function
DIN4 Digital input 4 P420 [-04] No function
Functional Safety Fail-safe input
"Safe Stop" Details: BU0235, “Technical data” The input is always active. In order to make the FI ready for
operation, this input must be provided with the required
voltage.
24V SH 24 V input - -
GND SH Reference potential - -

BU 0235 en-2917 23
Functional Safety – Supplementary manual for series SK 250E-FDS

4.3 Details of the safe shut-down method

4.3.1 Safe shut-down method - Safe Pulse Block


A two-wire shielded cable must be used for the "Safe Pulse Block". The shield must be applied on
both sides! The voltage drop in the cable must not exceed the following values:
• Mechanical protective switching device: ΔUCable ≤ 3 V
• Electronic protective switching device: ΔUCable ≤ 1 V.
IIN,Peak( Section 9 "Technical Data" should be used to calculate the peak current.

4.3.1.1 Operation with OSSD


The Safe Pulse Block is specially designed for use with an OSSD.
The capacity between the wires (including the shield capacities) must not exceed a value of x = 10 nF
for each frequency inverter which is connected.
The value x is determined as follows:
x = 2 nF * t_OSSD / 0.1 ms where t_OSSD = Width of the test pulse, max. 0.5 ms
Additional restrictions may apply with regard to the protective switching device.

4.3.1.2 EMC
The EMC guideline values ( Manual BU 0250) can be complied with EMC-compliant wiring up to a
cable length of 100 m between the protective switching device and the frequency inverter.

24 BU 0235 en-2917
4 Assembly and installation

4.3.1.3 Example – operation of multiple devices


When operating several frequency inverters with one protective switching device, the switching
capacity of the switching device and the load rating of the 24 V mains unit must be observed.
The shield must be correctly connected ( Illustrations in Section 3.1 "Safe shut-down methods").
The permissible voltage drops in the cable must be observed!
Example
Given:
– 4 frequency inverters are connected to an electronic protective switching device.
– The frequency inverters are located adjacent to each other in a system.
– 20 m must be bridged between the frequency inverters and the protective switching device.
2
– A 2 x 1.5 mm cable is used.
The following applies:

l mm 2
R = ρ CU * with ρCU ≅ 19Ω *
q km
I IN , Peak = 0.5 A ( Section 9 "Technical Data" )

Solution
Double the length of cable must be used because line drops occur in both wires.

R ≅ 0.5 Ω
ΔUCable = R * No.FU * IIN,Peak = 0.5 Ω * 4 * 0.5 A = 1 V
ΔUCable ≤ 1 V  o.k.

BU 0235 en-2917 25
Functional Safety – Supplementary manual for series SK 250E-FDS

5 commissioning

WARNING Electric shock


Dangerous voltages may be present at the plug contacts for the power connections (e.g. mains cable) even when
the FI is not in operation.
• Do not touch any contacts
• Protect connections which are not required with the cover caps provided.

WARNING Electric shock


There may be a hazardous voltage at the motor connection contacts, even if the Safe Stop ("STO" function) is
active.
• Do not touch any contacts
• Protect connections which are not required with the cover caps provided

Only the specific matters for functional safety during commissioning are considered in the following.
For a detailed section for commissioning the FI and its basic or standard functions, as well as all of the
necessary FI parameters, please refer to the frequency inverter manual BU 0250.
For the implementation of a safety function (STO or SS1), in addition to a safe shut-down method, a
digital input is used, which should be assigned a special function. Because of this, when
commissioning, a PC with an RS232/458 interface, or alternatively a SimpleBox/ParameterBox is
required for parameterisation.

26 BU 0235 en-2917
5 commissioning

5.1 Commissioning steps for STO


• A safety output of the protective switching device is connected to a safe shut-down method
( Section 3.1 "Safe shut-down methods").
Depending on the required safety category, if necessary, a wiring fault (short-circuit between any
particular wires) must be able to be excluded.
It is recommended that a two-conductor shielded cable is used for the safe shut-down method and
that the shield is correctly connected ( Section 3.4.5 "Ruling out wiring faults").

• The typical reaction time can be reduced by the additional use of a digital input.
For this, one of the digital inputs (DIN1 / DIN4) is parameterised with function "10" (block voltage).
For this, it essential that the different reference potentials are observed.
It is recommended that a separate shielded cable is used for each safe shut-down method and for
the digital inputs used for functional safety, and that the shields are correctly connected
( Section 3.4.5 "Ruling out wiring faults").

• The switching delay of the of the relevant digital input (see parameter P475) must not be used
(setting "0").
• Depending on the application, disabling of the safety function may cause a hazard, so that a
monitored start is necessary. In this case the "Automatic Start" (P428) must not be used
(setting "0").

5.2 Commissioning of SS1


• A safety output of the protective switching device is connected to a digital input( Section 3.4.2
"SS1 Function").
It is recommended that a two-conductor shielded cable is used and that the shield is correctly
connected ( Section 3.4.5 "Ruling out wiring faults").
• A safe shut-down method is connected to a time-delayed safety output of the protective switching
device. ( Section 3.1 "Safe shut-down methods").
It is recommended that a separate two-wire shielded cable is used for this. The cable shield must
be connected at both ends ( Section 3.4.5 "Ruling out wiring faults").
• The selected digital input must be parameterised with function "11" (Fast Stop).

WARNING Danger of injury due to failure of SS1


The braking characteristics of the drive unit can be influenced by various factors. Therefore, the mode "Safe
Stop 1" may possibly not be correctly complied with.
In order to prevent hazards due to this, by means of a final validation in the course of commissioning it must
be demonstrated that with the particular settings the requirements for the special intended use are fulfilled,
and that the device will at no time be operated outside of its rated data.

For the function SS1, parameter P426 (Fast Stop Time) and if necessary P559, "(DC run-on time)
must be parameterised according to the requirements of the application. The delay time of the
delayed safety output of the protective switching device must be rated so that it is longer than the
fast stop time plus the DC run-on time.
The actual stopping time for the drive unit depends on various factors. It may deviate for the
parameterised fast stop time P426) if, for example, one or more of the following events occur
during the active fast stop.
– Achievement / Exceeding of the power limits of the FI

BU 0235 en-2917 27
Functional Safety – Supplementary manual for series SK 250E-FDS
– Achievement / Exceeding of one or more parameterised limit values, (e.g.: P112, P536, P537)
– Use of direct current braking (function "Immediate DC Braking") in parameter P108.
With the use of the shut-down mode "Immediate DC Braking" the fast stop time is not taken into
account. The same braking time (resulting from the settings in P109, P110) is used as for shut-
down.
In unfavourable cases, the drive unit cannot be braked to a standstill during the parameterised fast
stop time. Before the elapse of the parameterised fast stop time it switches to the the "Safe Torque
Switch Off" mode (STO) and runs to a standstill.

• The switching delay of the of the relevant digital input (see parameter P475) must not be used
(setting "0").
• Depending on the application, disabling of the safety function may cause a hazard, so that a
monitored start is necessary. In this case the "Automatic Start" (P428) must not be used
(setting "0").

5.3 Validation
It must be proven by suitable validation that the requirements for the specially intended purpose have
been met.

28 BU 0235 en-2917
6 Parameters

6 Parameters

The following only lists the specific parameters and display and setting options for the Functional
Safety technology function. For a detailed overview of all available parameters, please refer to the
frequency inverter manual BU 0250.

Information Relevant parameters for STO or SS1


In order to implement the function STO, depending on the digital input which is used, the parameters for the
digital input must be set to function "10" ("Block Voltage").
For the function SS1 the parameter of the relevant digital input is set to function "11" ("Fast Stop"). In addition,
the "Fast Stop Time" must be entered in parameter P426 and the “DC Run-on Time" must be entered in
parameter P559.
For the function SS1 the "Fast Stop Time" must be set so that the drive unit actually comes to a standstill within
the stated time. The “DC Run-on Time follows after the “Fast Stop Time “.
The delay time of the delayed output of the protective switching device must be set so that it is longer than the
parameterised values for the "Fast Stop Time"plus the "DC Run-on Time “.

6.1 Description of parameters


1)
P000 (parameter number) Operating display (parameter name) xx S P
Setting range Display of typical display format (e.g. (bin = Other applicable List of other parameters that
binary)) of possible setting range and number parameter(s): are directly associated
(or display range) of decimal places
Arrays [-01] If parameters have a substructure in several arrays, this is shown here.

Factory setting {0} Default setting that the parameters typically have in the as-delivered condition of the device or to
which it is set after carrying out "Restore factory settings" (see parameter P523).
Scope of Application List of device variants to which this parameter applies. If the parameter is generally valid, i.e. for the entire
model series, this line is omitted.
Description Description, functionality, meaning and the like for this parameter.

Note Additional notes about this parameter

Setting values List of possible settings with description of the respective functions

(and display values)


1) xx = other identification

Figure 2: Explanation of parameter description

Information Description of parameters


Unused lines of information are not listed.

Note / Explanation:
Code Designation Meaning
S Supervisor-Parameter The parameter can now be displayed and modified if the
relevant supervisor code has been set (see parameter
P003).
P Parameter set-dependent The parameter provides different setting options that are
dependent upon the selected parameter set.

BU 0235 en-2917 29
Functional Safety – Supplementary manual for series SK 250E-FDS

6.1.1 Control terminals


P420 Digital inputs
Arrays [-01] … [-07]
Scope of Application (DIN1 / DIN4)
Description Assignment of functions for the digital input
Setting values Value Meaning

0 Off The input is not used.


10 Disable voltage (coast to stop) The FI output voltage is switched off; the motor runs
Low
down freely.
11 Emergency stop The FI reduces the frequency according to the
Low
programmed fast stop time P426. 1)
1) Exception: P108, setting "Immediate DC Braking" With the use of the shut-down mode "Immediate DC
Braking" the fast stop time is not taken into account. The same braking time (resulting from the settings
in P109, P110) is used as for shut-down.

P426 Quick stop time S P


Description Setting of the stop time for the fast stop function which can be triggered either via a
digital input, the bus control, the keyboard or automatically in case of a fault.
The quick stop time is the time for the linear frequency decrease from the set
maximum frequency (P105) to 0 Hz. If an actual setpoint <100 % is being used, the
emergency stop time is reduced correspondingly.
Setting values 0.01 … 320.00
WARNING! Danger of injury due to failure of SS1
The braking characteristics of the drive unit can be influenced by various factors.
Therefore, the mode "Safe Stop 1" may possibly not be correctly complied with.
In order to prevent hazards due to this, by means of a final validation in the course of
commissioning it must be demonstrated that with the particular settings the
requirements for the special intended use are fulfilled, and that the device will at no
time be operated outside of its rated data.

P428 Automatic starting S P


Setting range 0…1
Description Decision as to whether the frequency inverter should react to an enable signal.
Setting values Value Meaning

0 Off The device expects a flank (signal change "low  high") at the
digital input which has been parametrised to "Enable" in order to
start the drive.
If the device is switched on with an active enable signal (mains
voltage on), it immediately switches to "Switch-on block).
1 On The device expects a signal level ("high") at the digital input which
has been parametrised to "Enable" in order to start the drive.
NOTICE! Danger of injury! Drive starts up immediately!

30 BU 0235 en-2917
6 Parameters

P434 Digital output function


Arrays [-01] … [-02]
Description Assignment of functions for the digital output
Setting values Value Meaning

0 Off The output is not used.


01 External brake For control of a mechanical brake on the motor.
For details see  BU 0250
WARNING: Brake failure! The control is not fail-safe! Design the
brake as an operating brake. Ensure that the drive is brought to a
standstill before "STO" becomes active.
07 Fault General error message.
For details see  BU 0250
39 STO inactive This function depicts the reaction of the "safe pulse block".
The signal drops (High  Low) when STO and Safe Stop are
active.

P481 Function BusIO Out Bits S


Arrays [-01] … [-10]
Description Assignment of functions for Bus IO Out Bits. The Bus IO In Bits are treated as digital
outputs by the frequency inverter.
Setting values Value Meaning

0 Off The output is not used.


01 External brake For control of a mechanical brake on the motor.
For details see  BU 0250
WARNING: Brake failure! The control is not fail-safe! Design the
brake as an operating brake. Ensure that the drive is brought to a
standstill before "STO" becomes active.
07 Fault General error message.
For details see  BU 0250
39 STO inactive This function depicts the reaction of the "safe pulse block".
The signal drops (High  Low) when STO and Safe Stop are
active.

BU 0235 en-2917 31
Functional Safety – Supplementary manual for series SK 250E-FDS

6.1.2 Additional parameters


P506 Automatic fault acknowledgement S
Description Automatic acknowledgement of fault messages. (For details see  BU 0250)
Note Automatic error acknowledgement should not be used in association with a safety
function.
Setting values 0 = Detection is disabled

P550 EEPROM copy order


Description The data sets saved in the internal EEPROM and in the Memory Module can be
copied between the devices. This includes a PLC program that is present on the
device.
Note Only valid with option: "-EEP" (plug-in EEPROM):
The device always uses the data record which is saved in the internal EEPROM.
WARNING! Loss of safe function. After parameters have been copied the safe
functions must be revalidated. This is the only way to ensure that the safety functions
operate correctly.
Setting values Value Meaning

0 No change
1 External  Internal The data set is copied from the memory module (external
EEPROM) to the internal EEPROM.
2 Internal  External The data set is copied from the internal EEPROM to the memory
module (external EEPROM).
3 External   Internal Exchange data sets, the data sets are exchanged between the two
EEPROMs

P559 DC run-on time S P


Setting range 0.00 ... 5.00 s
Description Completion of a braking action by temporary connection of a DC voltage to the motor
connection terminals.
(For details see  BU 0250)

32 BU 0235 en-2917
7 Operating status messages

7 Operating status messages

The majority of frequency inverter functions and operating data are continuously monitored and
simultaneously compared with limiting values. If a deviation is detected, the inverter reacts with a
warning or an error message.
Basic information on this topic is contained in the manual for the device.
All faults or reasons which may result in a switch-on block of the frequency inverter and which are
associated with the STO function are listed below.

WARNING Loss of safe function


In case of an EEPROM fault, the digital input functions (DIN1 / DIN4) "Block Voltage" and "Fast Stop" may not
function or may function incorrectly.
After an EEPROM fault, the digital inputs associated with safety functions must be revalidated. This is the only
way to ensure that the safety functions operate correctly.

Error messages

Display in the
SimpleBox /
ControlBox Fault Cause
Group Details in Text in the ParameterBox • Remedy
P700 [-01] /
P701

E008 8.0 Parameter loss Error in EEPROM data


(maximum EEPROM value • Software version of the stored data set not
exceeded) compatible with the software version of the FI.
NOTE: Faulty parameters are automatically reloaded
(default data).
• EMC interferences (see also E020)
8.1 Inverter type incorrect • EEPROM faulty
8.2 Reserved
8.3 EEPROM KSE error The upgrade level of the frequency inverter was not
(Customer unit incorrectly correctly identified.
identified (customer’s interface • Switch mains voltage off and on again.
equipment))
8.4 Internal EEPROM error
(Database version incorrect)
8.7 EEPR copy not the same

E018 18.0 Safety circuit While the frequency inverter was enabled, the Safe Pulse
Block safety circuit was triggered.

BU 0235 en-2917 33
Functional Safety – Supplementary manual for series SK 250E-FDS

Switch-on block messages

Display in the
SimpleBox /
ControlBox Reason: Cause
Text in the ParameterBox • Remedy
Group Details in
P700 [-03]

I018 18.0 STO active The Safe Pulse Block safety circuit has been triggered. A
connected motor does not produce any torque.

Status information
It is possible to access status information by means of the ParameterBox, SimpleBox or via a field
bus. This information is not provided on a fail-safe basis, but rather only for information purposes!
The status of the "Safe Pulse Block" and the digital inputs and outputs can be accessed via the
information parameters and if necessary by means of the status word with communication via a field
bus.
In order to be able to query the reaction of the "Safe Pulse Block", the digital output, a Bus Out bit or a
free bit of the status word (Bit 10 or Bit 13) must be assigned the function “39" (STO inactive). The
status of this bit can be read out via the parameters P711 ("Relay Status") P741 [-01] ("Status Word"
or P741 [-05] (“Bus Out Bits") or transferred via the bus protocol.
For the "Safe Pulse Block" both the status of the input terminals (24V_SH, GND_SH) as well as the
reaction of the Safe Pulse Block can be queried.

34 BU 0235 en-2917
8 Additional information

8 Additional information

8.1 Protective switching devices


The safety switching device used for the intended purpose, as well as all additional components
required to implement a safety function, must fulfil the requirements of the special application in
accordance with the risk analysis.
The switching device outputs must fulfil the following basic conditions.

8.1.1 Output voltage


The stated voltage must be connected to the input terminals of the frequency inverter i.e. the voltage
drop in the cable which is used must be taken into account
• Mechanical protective switching device

24 V ± 25 % (18 V…30 V)
• Electronic protective switching device with OSSD outputs

24 V - 20 % / + 25 % (19.2 V…30 V) for the "safe pulse block"

8.1.2 Switching capacity and current load


The safety outputs of the switching devices must be designed for the loads stated below.
Load per connected frequency inverter “Safe Pulse Block”
Continuous current (mean value) ≤ 125 mA
Switch-on current ≤ 500 mA, for t ≤ 2 ms
Support capacitance (downstream of inverse polarity protection) 20 μF
Peak current after an OSSD test pulse (periodic) ≤ 500 mA, for t ≤ 300 μs

Increased current on switch-on or after a test pulse


Information
from an OSSD
Due to the support capacitors of the safe shut-down method, there is an increased current consumption on
switch-on and after a test pulse from an OSSD. The "safe pulse block" is equipped with an active current limiter in
order to reduce the load on safety outputs to a minimum.

BU 0235 en-2917 35
Functional Safety – Supplementary manual for series SK 250E-FDS

8.1.3 OSSD outputs, test pulses


• toff ≤ 0.5 ms (width of test pulse)
Maximum time in which the output of the protective switching device is switched off for test
purposes.
• D ≥ 90 % (duty, switch-on ratio)
The supply voltage is applied for at least 90% of the time i.e. for a test pulse of toff=0.5 ms, the
supply voltage is subsequently connected for at least ton=4.5 ms.
• Double pulses are permissible if the two pulses are at least 1µs apart and the condition for D is
fulfilled.

Permissible test pulses for an OSSD

The following sequence results at maximum pulse width:


– First test pulse with toff= 0.5 ms,
– Subsequently the supply voltage is applied for 0.5 ms,
– Followed by the second test pulse with toff= 0.5 ms,
– After this the supply voltage is applied for at least 8.5 ms!

36 BU 0235 en-2917
8 Additional information

8.2 Safety categories

8.2.1 IEC 60204-1:2005


(German version EN 60204-1:2006)
The requirements of a Category 0 and Category 1 stop function can be fulfilled by the "safe pulse
block".
The controlled braking of a Category 1 stop function is not fail-safe via the standard functions of the
frequency inverter. The switch-over to the stop function of Category 0 is fail-safe.

8.2.2 IEC 61800-5-2:2007


(German version EN 61800-5-2:2007)
The requirements for the functions "Safe Torque Switch Off" (STO) and "Safe Stop 1" (SS1) can be
fulfilled with the shut-down method "Safe Pulse Block.
With the function SS1, there is no safe monitoring of motor speed reduction or motor speed reduction
by the frequency inverter. If a risk analysis has shown that monitoring is necessary, this must be
carried out via an external safe control unit. The solutions for the function SS1 described in the
examples correspond to characteristics as per IEC 61800-5-2:2007, Section 4.2.2.3, Paragraph c)
"Triggering of motor speed reduction and triggering of the STO function after an application-specific
time delay". The motor speed reduction is carried out via the standard functionality of the frequency
inverter and is not fail-safe. The switch-over to the STO function is fail-safe.

8.2.3 IEC 61508:2010


(German version EN 61508:2010)
For the safety-relevant stop functions STO and SS1 (designation as per IEC 61800-5-2:2007),
frequency inverters with the safe shut-down methods according to this manual fulfil the requirements
for SIL 3. The controlled braking action of the stop function SS1 does not have SIL capability.
( Section 9.1 "Data for the Safe Pulse Block")

Information Digital inputs


The digital inputs do not have SIL capability

BU 0235 en-2917 37
Functional Safety – Supplementary manual for series SK 250E-FDS

8.2.4 ISO 13849-1:2015


(German version EN ISO 13849-1:2016)
For the safety-relevant stop functions, STO and SS1 (designation as per IEC 61800-5-2:2007),
frequency inverters with the safe shut-down methods according to this manual fulfil the requirements
for Performance Level e. With this, Safety Category 4 can be achieved.
( Section 9.1 "Data for the Safe Pulse Block")

The digital inputs (DIN1 / DIN4) which are used for the implementation of safety-relevant stop
functions are primarily intended as auxiliary inputs and can fulfil the requirements of Safety Category 1
and Performance Level c.
( Section 9.2 "Data for digital inputs")

Information Evaluation of safety function


The values stated in the Technical Data ( Section 9 "Technical Data") only refer to the stated inputs or shut-
down methods.
The components which are additionally required for the implementation of a safety function, such as a protective
switching device, an emergency stop button etc. must also be taken into account for the evaluation of the safety
function. The resulting safety-relevant data can be significantly influenced by these components.

38 BU 0235 en-2917
9 Technical Data

9 Technical Data

The Technical Data from the frequency inverter manual (BU 0250) apply!
In deviation from this:
Function Specification
Max. installation altitude ≤ 2000 m
above sea level

The following technical data also apply.

BU 0235 en-2917 39
Functional Safety – Supplementary manual for series SK 250E-FDS

9.1 Data for the Safe Pulse Block


Function Specification
Input voltage + 24 V
Voltage tolerance ± 25 % (18 V … 30 V)
Operation at OSSD - 20 % … + 25 % (19,2 V … 30 V)
Power consumption ≤ 125 mA
(mean value)
Peak current ≤ 500 mA
(peak, when switching
on or on the OSSD)
Cable length ≤ 100 m
Line capacitance ≤ 20 nF per connected frequency inverter
(≤ 4 nF * t_OSSD / 0.1 ms (with t_OSSD max. 0.5 ms))
Switch-on delay ≤ 200 ms
Response time ≤ 300 ms (≤ 65 ms typical)
Cycle time ≥1s
Requirements for OSSDs Test pulse width ≤ 500 µs
Duty (High level) ≥ 90 %
Time between double pulses ≥ 1 ms (observe the duty factor)
Safety integrity level SIL 3
(IEC 61508)
Probability of a PFH = 0
hazardous failure per
hour
Probability of a PFD = 0
hazardous failure on
call-up
Proportion of safe SFF = 100 %
failures
Safety category Category 4
(as per EN ISO 13849-1)
Performance Level PL e
(as per EN 13849-1)
Mean time until a MTTFd = "High" (>100 years)
hazardous failure
Degree of diagnostic cannot be established (PFH=0)
coverage (DC)
Lifetime TM = 20 years

40 BU 0235 en-2917
9 Technical Data

9.2 Data for digital inputs


(Only valid for digital inputs: DIN1 and DIN4)
Function Specification
Input voltage + 24 V
Voltage tolerance +- 37,5 % … + 25 % (15 V … 30 V)
High level (VT+) 15 V … 30 V
Low level (VT-) 0V…5V
Input resistance ≈ 9.5 kΩ (for Low level)
≈ 2.5 kΩ…3.5 kΩ (for High level)
Input capacitance 10 nF
Scan time ≤ 1 ms
Response time ≤ 5 ms
Requirements for OSSDs Test pulse width ≤ 500 µs
Duty (High level) ≥ 90 %
Time between double ≥ 1 ms (observe the duty factor)
pulses
Safety integrity level The digital inputs do not have SIL capability
(IEC 61508)
Probability of a PFH < 700 FIT
hazardous failure per
hour
Proportion of safe SFF > 72 %
failures
Safety category Category 1
(as per EN ISO 13849-1)
Performance Level (as PL c
per EN 13849-1)
The mean time until a MTTFd = "High" (>100 years)
hazardous failure
Degree of diagnostic No DC
coverage (DC)
Lifetime TM = 20 years

BU 0235 en-2917 41
Functional Safety – Supplementary manual for series SK 250E-FDS

10 Appendix

10.1 Repair information


In order to keep repair times as short as possible, please state the reasons for the return of the device
and at least one contact partner in case of queries.
In case of repairs, please send the device to the following address:

NORD Electronic DRIVESYSTEMS GmbH


Tjüchkampstraße 37
26606 Aurich, Germany

Information Third party accessories


Before returning a bus interface and/or a frequency inverter, please remove any external accessories such as
mains cables, potentiometers, external displays, etc., which were not supplied by Getriebebau NORD GmbH &
Co. KG No liability can be accepted by Getriebebau NORD GmbH & Co. KG for devices which are returned
with third party accessories.

Information Accompanying document


Please use the filled-in accompanying document for returns, You can find this on our homepage
www.nord.com or directly under the link Warenbegleitschein.

For queries about repairs, please contact:

Getriebebau NORD GmbH & Co. KG


Tel.: +49 (0) 45 32 / 289-2515
Fax: +49 (0) 45 32 / 289-2555

42 BU 0235 en-2917
10 Appendix

10.2 Service and commissioning information


In case of problems, e.g. during commissioning, please contact our Service department:
 +49 4532 289-2125
Our Service department is available 24/7 and can help you best if you have the following information
about the device (e.g. frequency inverter) and its accessories (e.g. bus interface) to hand:
• Type designation,
• Serial number,
• Firmware version

10.3 Documents and software


Documents and software can be downloaded from our website www.nord.com .

Other applicable documents and further information

Documentation Contents
BU 0250 Manual for field distribution system frequency inverter NORDAC LINK SK 250E-FDS ..
SK 280E-FDS
BU 0000 Manual for use of NORD CON software
BU 0040 Manual for use of NORD parameterisation units

Software

Software Description
NORD CON Parametrisation and diagnostic software

10.4 Certificates
The relevant certificates for "Functional Safety" can be downloaded from our internet page
www.nord.com

Certificates

Documentation Contents
C330704 Certificates for frequency inverters with "Safe Shut-down Methods" for frequency inverters
NORDAC Link SK 260E-FDS/ SK 280E-FDS

BU 0235 en-2917 43
Functional Safety – Supplementary manual for series SK 250E-FDS

10.5 Abbreviations

• AS-i AS Interface
• BW Braking resistor
• DIN Digital input
• DOUT Digital output
• EMC Electromagnetic compatibility
• FI Frequency inverter
• GND Earth
• OSSD Output Signal Switching Device
• P Parameter set dependent parameter, i.e. a parameter which can be assigned different
functions or values in each of the 4 parameter sets of the frequency inverter.
• S Supervisor parameter, i.e. A parameter which is only visible if the correct Supervisor
Code is entered in parameter P003
• SH "Safe Stop" (functional safety)
• SS1 "Safe Stop 1“
• STO Safe Torque Off, torque safely switched off
• SW Software or firmware version of the frequency inverter (can be displayed in parameter
P707)

44 BU 0235 en-2917
Key word index

Key word index


A M
Accompanying document ..............................42 mechanical brake .......................................... 12
Auto. Fault acknowledgement (P506) ...........32 Messages
Automatic starting (P428) ..............................30 Fault........................................................... 33
C Operating status ........................................ 33

Certificates .....................................................43 O
Commissioning ..............................................26 OSSD ...................................................... 24, 35
SS1 ............................................................ 27 P
STO ............................................................ 27 Parameters ................................................... 29
Controlled braking .........................................12 Protective switching devices ......................... 35
D Q
DC run-on time (P559) ..................................32 Quick stop time (P426) ................................. 30
Digital inputs ..................................................11
R
Digital inputs (P420) ......................................30
Repair ........................................................... 42
Digital output function (P434) ........................31
Restart block ................................................. 16
Documents
Returns ......................................................... 42
other applicable ..........................................43
S
E
Safe pulse block ............................................ 24
EEPROM copy order (P550) .........................32
Safe Pulse Block
EMC ............................................................... 24
Example .................................................... 25
Example .........................................................25
Safe Pulse Lock
SS1 ............................................................ 15
OSSD ........................................................ 24
STO ............................................................ 13
Safe shut-down method
Exclusion of faults ..........................................18
Safe Pulse Block ....................................... 24
F
Safety functions
Function BusIO Out Bits (P481) ....................31 Safe Stop 1 ................................................ 12
I Safe torque switch-off................................ 12
IEC 60204-1 SS1 ............................................................ 12
2005 ...........................................................37 STO ........................................................... 12
IEC 61508 Scope of Application ....................................... 4
2010 ...........................................................37 Software ........................................................ 43
IEC 61800-5-2 SS1 ............................................................... 12
2007 ...........................................................37 commissioning ........................................... 27
ISO 13849-1 example: .................................................... 15
2015 ...........................................................38 Standard
IEC 13849-1
2015 ....................................................... 38

BU 0235 en-2917 45
Functional Safety – Supplementary manual for series SK 250E-FDS
IEC 60204-1 commissioning ........................................... 27
2005........................................................37 Example .................................................... 13
IEC 61508 T
2010........................................................37 Technical Data .............................................. 39
IEC 61800-5-2
V
2007........................................................37
Validation ...................................................... 28
STO ............................................................... 12

46 BU 0235 en-2917
Key word index

BU 0235 en-2917 47
6072352 / 2917

You might also like