It would be a rare case in which your risk assessment does not indicate some level of safe control required in your drive system. This can be as simple as requiring safe disable of all VSDs in the event of an emergency stop or could get quite complicated, requiring position or speed limiting depending on what doors or guards are open and for setup purposes. Luckily, Siemens offers a range of functions in the Sinamics drive range to help you achieve your requirements (up to SIL2, PLd, Category 3).
Siemens provides the basic safety integrated functions of Safe Stop 1 (SS1) and Safe Torque Off (STO) as part of the package when you buy a Sinamics drive system. You can select these either through ProfiSAFE (from a failsafe PLC) or via terminals. Neither of these methods require you to buy a safety integrated option.
Terminals: in order to achieve the requirements of SIL2, PLd and Category 3 you need two independent channels to evaluate the command signal. One channel is wired to the EP+ terminal of the drive, the other must be wired to an isolated digital input on the control unit. It can be wired to any isolated digital input, but not to a bidirectional input/output. Additionally, while STARTER will allow you to connect internal drive signals to the “CU input” while offline, this type of configuration is not permitted and will be rejected if you attempt to download to the control unit.
Safe Stop 1: Stops along the OFF3 ramp (fast stop – set in p1135). If using terminals, as soon as the SS1 time has expired (p9652 and p9852 – must be the same), safe torque off will be applied.
Safe Torque Off: Safely disables pulses – i.e. no current and no torque in the drive. Analogous to turning off the contactor on DOL motor – but not quite. There is still a possibility of voltage available at the motor terminals, so for maintenance you would still need to power down the machine.
For motors with brakes you can also activate Safe Brake Control as part of the basic functions. Note that because the efficacy of the brake depends on its mechanical condition, this function has a weak point where a single failure can cause a hazardous situation (brakes are typically only required when there is gravitational potential energy in the axis the motor is driving). This means Safe Brake Control does not meet the requirements of SIL2, PLd or Category 3.
Extended functions include: Safe Stop 2 (SS2), Safely Limited Speed (SLS), Safely Limited Position (SLP), Safe Acceleration Monitoring (SAM). These can be activated via ProfiSAFE from a failsafe PLC or TM54F. Note these require an option purchased from Siemens.
SS2: This is similar to Safe Stop 1 except that once the motor comes to a standstill it remains in closed-loop control (i.e. Safe Operational Stop). If the motor moves from position during safe standstill, the drive will disable with a safety fault which will prevent re-enabling of the drive unless it is cleared either by powering off and on or performing a safety reset.
SLS: Four selectable levels of speed limiting are available. This is transparent to the system, if the speed limit is violated, a stop will be triggered. It is up to the higher level control to avoid programming speeds in excess of those allowed by the safety system.
SLP: Info to come.
SAM: Info to come.