Functional description

This topic contains the following sections:

The safety-related SF_EDM function block monitors the defined initial state and the switching behavior of contactors connected to the Safety PLC.
After activating the FB (enters the init state) a start-up inhibit is active by default.

If the feedback signals from the connected contactors in the switching or initial states show values that are not permissible, the function block sets the S_EDM_Out output to the defined safe state (SAFEFALSE).

WARNING

Non-conformance to safety function requirements

Ensure that the contactors used correspond to the results of the risk analysis carried out in accordance with ISO 13849-1.

If the feedback signals reflect the correct switching behavior for the contactors and the function block is activated (Activate = TRUE), and the mandatory start-up inhibit has been reset, the function block receives the control signal for the contactors to be monitored at the S_OutControl input and switches the S_EDM_Out output to which the contactors are connected accordingly.

The function block executes stop category 0 at its output.

Verifying the initial state

If the connected contactors are in the initial state, the feedback signal at inputs EDM1 and EDM2 must be TRUE.

The initial state is verified by the function block if

a SAFETRUE signal is present at the S_OutControl input. If the initial state is correct, the function block switches the S_EDM_Out output to SAFETRUE. If not, the function block outputs an error message and the S_EDM_Out output remains in the defined safe state (SAFEFALSE).
a SAFEFALSE signal is present at the S_OutControl input when the function block is activated and the start-up inhibit has been removed. If, after the time set at MonitoringTime has elapsed, the feedback signals EDM1 and EDM2 do not report the initial state, the function block detects an error.

Verifying the switching behavior

Once the S_EDM_Out output switches to SAFETRUE, the feedback signal at the EDM1 and EDM2 inputs must become FALSE within the permissible response time specified at MonitoringTime. Otherwise, the function block outputs an error message (output Error = TRUE) and the S_EDM_Out output switches to the defined safe state SAFEFALSE.
If the S_EDM_Out output switches from SAFETRUE to SAFEFALSE, the switching operation is also monitored. The feedback signal at the EDM1 and EDM2 inputs must become TRUE within the permissible response time set via MonitoringTime.

Start-up inhibit by default

A start-up inhibit is active by default after activating the function block and/or starting the Safety PLC. The start-up inhibit is only removed if there is a positive signal edge at the Reset input.

Removing the start-up inhibit by means of a positive signal edge at the Reset input can cause the S_EDM_Out output to switch to SAFETRUE immediately (depending on the status of the other inputs).

WARNING

Unintended start-up

Verify the impact of removing the start-up inhibit by means of a positive signal edge at the Reset input.

Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations when removing the start-up inhibit.

Do not enter the zone of operation when removing the start-up inhibit.

Ensure that no other persons can access the zone of operation when removing the start-up inhibit.

Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Single-channel or two-channel applications

Depending on the risk analysis and the resulting safety requirements for an application, the contactors must be controlled on either a single-channel or two-channel basis.
Examples of this type of application can be found in the overview for this function block and in the topic titled "Additional application examples".

Single-channel application with state monitoring of the connected contactor

If only one feedback signal is used, this must be connected in parallel to both inputs EDM1 and EDM2. An example of this type of application can be found at the end of the overview for this function block.

Two-channel application with state monitoring of the connected contactors

Diagnostics for the connected contactors can be performed on a channel-specific basis by having separate feedback signals from the two contactors to be monitored at the inputs EDM1 and EDM2. Having two feedback signals also makes it possible for the function block to detect errors on the connected I/O devices (for example, feedback contact disconnected from the contactor or bridged).

When implementing a single feedback signal from the contactors to be monitored, the two contacts must be connected in series. The signal resulting from this series connection is then connected in parallel to both inputs EDM1 and EDM2. It is not possible to perform channel-specific diagnostics for the connected contactors in such cases. Similarly, it is not possible for the function block to detect errors on the connected I/O devices (for example, feedback contact disconnected from the contactor or bridged).
An example of this type of application can be found in the topic entitled "Additional application examples".

WARNING

Non-conformance to safety function requirements

Ensure that the contactors used correspond to the results of the risk analysis carried out in accordance with ISO 13849-1.

Note
If this function block is being used for diagnostics, the contactor must have an auxiliary contact. To ensure clear diagnostics, this auxiliary contact must have a positively-driven connection to the load contacts.