-

Implementation of safety requirements from applicable standards

The function block has been developed according to the safety requirements (from applicable standards) listed in this section. All other requirements from these standards must be observed when implementing the safety-related function.

This section describes either how the function block meets the requirements of the standards or what measures need to be taken to meet the requirements of the standards.

StandardsContext/RequirementImplementation
EN ISO 12100-2Start-up after failure of supply voltage/spontaneous restartThe function block supports a start-up inhibit and/or restart inhibit of the function block after
  • start-up of the Sicherheitssteuerung or activation of the function block (S_StartReset = SAFEFALSE),
  • the light beam of the safety-related sensor is no longer being interrupted (S_AutoReset = SAFEFALSE).
You are responsible for planning and implementing the start-up/restart behavior according to your risk analysis. To prevent an unintended start-up/restart, you may need to perform an additional function start once the safety-related function has been reset. This will depend on both the results of the risk analysis and the signal path of the reset signal.
IEC 61496-1Special requirements for type 2 ESPEAccording to the standard, the test must be carried out after switching on the power supply of the ESPE prior to the change to the ON state, and at least after each reset. Verify this by means of appropriate external functions in the safety logic.

The function block verifies whether the value set for TestTime is plausible. A value greater than 150 ms is not permitted. Neither of the sensor test phases may be longer than the value specified with TestTime.

The function block provides a start-up inhibit after the safety module has started up and a restart inhibit after the safety function has returned. The following applies to a restart:
After an interruption or error of the optoelectronic safety equipment during sensor test phase 1 of the test, the function block always performs a restart inhibit.
After an interruption of the connected optoelectronic safety equipment during sensor test phase 2, a restart inhibit is performed, if S_AutoReset = SAFEFALSE is set. Otherwise (with a deactivated restart inhibit, S_AutoReset = SAFETRUE), an automatic restart is performed.

The function block supports the two-stage test. Use the StartTest function block input to control the tests. The S_TestOut function block output controls the test input for the connected safety-related sensor.
The status of the safety-related sensor (the S_OSSD_In input) must reflect the defined test sequence to ensure the test run can be completed without errors. The test sequence is monitored in accordance with the time specified at TestTime.

The test sequence monitored by the function block is outlined in the 'Sensor test phases' section.

The function block is switched to the defined safe state (output S_OSSD_Out = SAFEFALSE) if the results of the test are incorrect. The start-up inhibit keeps it in the defined safe state.
EN ISO 13849-1Manual reset deviceThe Reset input supports the function of a manual reset device.

Hinweis
Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a positive (rising) edge.
To implement the reset with a falling edge (with regard to the mandatory acceptance procedure), use the safety-related function block SF_Reset.

EN ISO 13849-1Category B to 2No more than one channel is required for the application design.

You are responsible for controlling the StartTest input and for carrying out tests. It is your responsibility to perform periodic tests in accordance with the results of the risk analysis you performed.

Refer to the warning below this table.

WARNUNG
Non-conformance to safety function requirements
  • Regularly check the safety-related sensor by periodically switching the StartTest input from FALSE to TRUE in accordance with the risk analysis.
  • Make certain that appropriate procedures and measures have been established to help avoid hazardous situations when applying TRUE to the StartTest input.