Safety Function: Door Locking and Monitoring Application ... · Safety Function: Door Locking and Monitoring Application Technique General Safety Information Risk Assessments

Application Technique

Safety Function: Door Locking and Monitoring Application TechniqueProducts: Guardmaster Dual-input Safety Relay, Guardmaster Expansion Module, TLSZR-GD2 Safety Guard Locking Switch, E-stop Button

Safety Rating: CAT. 4, PLe to ISO 13849-1: 2008

Topic Page

Important User Information 2

General Safety Information 3

Introduction 4

Safety Function Realization: Risk Assessment 4

Guard Locking Interlock Safety Function 4

Safety Function Requirements 5

Functional Safety Description 5

Bill of Material 6

Setup and Wiring 6

Configuration 8

Calculation of the Performance Level 9

Verification and Validation Plan 13

Additional Resources 19

Safety Function: Door Locking and Monitoring Application Technique

Important User Information

Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.

Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice.

If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.

In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.

The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams.

No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual.

Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.

Throughout this manual, when necessary, we use notes to make you aware of safety considerations.

Labels may also be on or inside the equipment to provide specific precautions.

WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss.

ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.

IMPORTANT Identifies information that is critical for successful application and understanding of the product.

SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.

BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.

ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).

2 Rockwell Automation Publication SAFETY-AT063D-EN-P - May 2016


General Safety Information

Risk Assessments

Contact Rockwell Automation to learn more about our safety-risk assessment services.

Safety Distance Calculations

Separating safeguards monitor a moveable, physical barrier that guards access to a hazard. Publications that offer guidance for calculating compliant access times for safety systems that use separating safeguards, such as gates with limit switches or interlocks (including SensaGuard™ switches), include the following:

EN ISO 14119:2013 (Safety of Machinery – Interlocking devices that are associated with guards - Principles for design and selection)

EN ISO 13855:2010 (Safety of Machinery – Positioning of safeguards about the approach speeds of parts of the human body)

ANSI B11:19 2010 (Machines – Performance Criteria for Safeguarding)

In addition, consult relevant national or local safety standards to assure compliance.

IMPORTANT This application example is for advanced users and assumes that you are trained and experienced in safety system requirements.

ATTENTION: Perform a risk assessment to make sure that all task and hazard combinations have been identified and addressed. The risk assessment can require additional circuitry to reduce the risk to a tolerable level. Safety circuits must consider safety distance calculations, which are not part of the scope of this document.

ATTENTION: While safety distance or access time calculations are beyond the scope of this document, compliant safety circuits must often consider a safety distance or access time calculation.

Rockwell Automation Publication SAFETY-AT063D-EN-P - May 2016 3


Introduction

This safety function application technique explains how to wire, configure, and integrate a Guardmaster® dual-input safety relay and a Guardmaster expansion module to monitor a TLSZR-GD2 safety guard-locking switch and prevent access while hazardous motion is present in the guarded area. An E-stop safety function is also integrated into the safety system. The dual-input safety relay monitors the safety guard-locking switch and E-stop to detect any faults in their operational state, or faults in the circuits. The dual-input safety relay and expansion module monitor their internal circuits for any faults. Faults lead to failure of the system to perform its safety functions on demand, which stops the hazardous motion. Once the safety function has been performed, the system cannot be reset until the fault has been corrected.

Safety Function Realization: Risk Assessment

The required performance level is the result of a risk assessment and refers to the amount of the risk reduction to be carried out by the safety-related parts of the control system. Part of the risk reduction process is to determine the safety functions of the machine. In this application, the performance level required (PLr) by the risk assessment is Category 3, Performance Level d (CAT. 3, PLd), for each safety function. A safety system that achieves CAT. 3, PLd, or higher, can be considered control reliable. Each safety product has its own rating and can be combined to create a safety function that meets or exceeds the PLr.

Guard Locking Interlock Safety Function

This application technique includes three safety functions:• Emergency stop of hazardous motion initiated by an E-stop button.• Guard lock prevention of access to hazardous motion in the guarded area.• Prevention of unexpected startup.

This system provides a stop category 0; power is removed and hazardous motion coasts to a stop.

From: Risk Assessment (ISO 12100)

1. Identification of safety functions

2. Specification of characteristics of each function

3. Determination of required PL (PLr) for each safety function

To: Realization and PL Evaluation



Safety Function Requirements

Motor power is removed when the E-stop is pressed. Once power is removed, hazardous motion coasts to a stop. Tests have determined that coasting to a stop can take as long as 20 seconds. Risk assessment has shown that a person can open the gate and reach the hazardous motion in less than 20 seconds. To prevent dangerous access, a guard lock is used to keep the gate locked for 30 seconds after the E-stop is pressed. After 30 seconds, the operator is allowed to unlock the door by applying power to the guard lock by using the key switch. While the door is open, the system is monitored to prevent an unexpected start-up. When the door is closed, hazardous motion and power to the motor do not resume until a secondary action (start button depressed) occurs. Faults at the door interlock switch, wiring terminals, or safety controller are detected before the next safety demand.

The safety function in this example is capable of connecting and interrupting power to motors rated up to 9 A, 600V AC. The safety function meets the requirements for Category 4, Performance Level e (CAT. 4, PLe), per ISO 13849-1, SIL3 per IEC 62061, and control reliable operation per ANSI B11.19.

Functional Safety Description

In this application technique, the access gate is locked during normal operation. The dual-input safety relay uses pulse checking to monitor the E-stop for actuation and faults. The safety guard-locking switch monitors itself for faults, lock status, and gate actuation. When a fault is detected or the gate is unlocked or open, the safety guard-locking switch turns off both of its OSSD outputs. The dual-input safety relay de-energizes the redundant safety contactors (K1 and K2). This action removes power to the hazardous motion on actuation of the E-stop or the safety guard-locking switch, which turns off its OSSD outputs. Hazardous motion coasts to a stop in a maximum of 20 seconds (Stop Category 0). The expansion module delays power to the access-gate release-key switch while hazardous motion is running in normal operation, and for 30 seconds after power is removed from the hazardous motion in response to actuation of the E-stop. Once power is provided to the gate-release key switch via the K1, K2, and K3 normally-closed auxiliary contacts, turning the key to the right energizes the solenoid on the guard-locking switch, which unlocks it. Then, the gate may be opened. The operator removes the key so that the gate cannot be locked, nor the system reset, while the operator is in the hazardous area. The system cannot be reset until the gate is closed and locked, by inserting the key and turning it to the left, and the E-stop is released. The Reset button must be pressed for more than a quarter second and less than 3 seconds. A shorter press is ignored, and a longer press is ignored.



Bill of Material

This application technique uses these products.

Setup and Wiring

For detailed information on installing and wiring, refer to the publications listed in the Additional Resources.

System Overview

The dual-input safety relay monitors the E-stop by running its S11 and S21 pulsed outputs through the two channels of the E-stop to inputs S12 and S22, respectively. A loose wire, a shorted contact, a short to 24V, a short to 0V, or a cross fault between the channels can be detected by the dual-input safety relay.

The safety guard-locking switch is a fully self-monitoring device. When faults are detected, the safety guard-locking switch responds by turning off both of its OSSD outputs.

The dual-input safety relay monitors the outputs of both the E-stop and the safety guard-locking switch, and responds to any faults or demands from the devices by de-energizing its safety contacts, which removes power from the coils of the redundant 100S safety contactors (K1 and K2). Simultaneously, via the Single Wire Safety (SWS) connection, the dual-input safety relay starts the thirty-second delay-off function of the expansion module. Hazardous motion coasts to a stop in no more than 20 seconds.

After the 30-second delay, the expansion module de-energizes its safety contacts, which removes power from the coil of interposing relays K3 and K4. With K1, K2, K3, and K4 de-energized, 24V is available at the gate-release key switch. Turn the key switch to the right to energize the solenoid of the safety guard-locking switch and to unlock the gate. The key can be removed when in the ‘Right’ position. Once the key is removed, the gate cannot be locked, nor the system reset.

Cat. No. Description Quantity

800F-1YP3 800F 1-hole enclosure E-stop station, plastic, PG, twist-to-release, 40 mm (1.58 in.), non-illuminated, 2 N.C. 1

800F-BX10 N.O. status contact (add to 800F-1YP3) 1

440G-TZS21UPRH Guard lock, RFID door monitoring, power-to-release 1

440G-A27143 Flexible key/actuator 1

440G-ATZAExxxx RFID target 1

800FM-G611MX10 800F push button – metal, guarded, blue, R, metal latch mount, one N.O. contact, 0 N.C. contact, standard, standard pack

1

800FM-KM22MX11 800F 2-position key selector switch, right key removal, 1 N.O., 1 N.C. - gate release 1

440R-D22R2 Guardmaster safety relay, two dual-channel universal inputs, one N.C. solid-state auxiliary output 1

440R-EM4R2D Guardmaster safety relay, expansion module (Single Wire Safe is only input), N/A auxiliary output 1

100S-C09EJ23C MCS™ 100S-C safety contactor, 9 A, 24V DC - K1 and K2 2

700-HPS2Z24 700-HPS safety relay, DPDT, 8 A, 24V DC - K3 and K4 2

700-HN123 Socket, DIN mount – K3 and K4 2

700-HN119 Retainer clip – K3 and K4 2

855EP-G24Y3L5 Control tower stack light, pre-assembled, 10 cm (3.94 in.) pole mount with cap, gray housing, 24V AC/DC full voltage, green steady status indicator, amber flashing status indicator

1



The gate must be closed, and the key must be inserted and turned to the left, which locks the gate, before the reset button functions. The key cannot be removed when in the ‘Left’ position.

In this example, hazardous motion has ceased before access to the guarded area can occur.

Electrical Schematic

A1 A2

DI

S11

S12

S21

S22

S34

13

23

14

24

0V*

E-Stop

L11

S32

S42

L12

0 123

4567

8

LOGIC

A1 A2

L11

L12

EMDX32

(1) -Set for 30 second

OFF Delay (adjustable)

01

2

3

456

7

8

9

RANGE

1

2

3

4

567

8

9

10

TIME

Gry

Pnk

Brn

Yel

Red

Blu

TLSZR-GD2

DI = 440R-D22R2

EMD =440R-EM4R2D

24V** Class 2 Power Source

M

K1

K2

External Switched

Stop/Start Circuit

L1 L2 L3

Grn

17 18

E-Stop / Guard Locking

Wht (Aux.)

Y32

Ready For Unlock

G

SWS

SWS = Single Wire Safety

TLSZR-GD2 = 440G-TSZ21UPRH

KS1*

Gate Release

KS1* = 800FM-KM22MX11 - Left Position

27 28

K1

Status

to PLC

Status

to PLC

Status

to PLC

K2

Status

to PLC

Status

to PLC

Status

to PLC

Status

to PLC

Status

to PLC

K2

*K1

*

K4

K3

* K1 and K2 = 100S-C09EJ23BC: “EJ” contactors have integral transient suppression.

External transient suppression may be required when non-”EJ” contactors are used.

** K3 and K4 = 700-HPS2Z24 contactors. Additional 700-ADL12 LED Surge Supressors

are added to provide transient suppression.

**

**

(1)

A

855EP-G24Y3L5

Gate Open/Gate Unlocked

K1 K2 K4Reset

K3

K3

K4

Status

to PLC

24V* 0V**Class 2 Power Source

E-stop

Status to PLC

Status to PLC

Status to PLC

Status to PLC

Status to PLC

Status to PLC

Status to PLC

Status to PLC

Reset

External Switched Stop/Start Circuit

Gate Release

Status to PLC

Gate Open/Gate Unlocked

Ready For Unlock

(1) Set for 30-second OFF Delay (adjustable)

*K1 and K2 = 100S-C09EJ23BC: EJ contactors have integral transient suppression.External transient suppression may be required when non-EJ contactors are used.

**K3 and K4 = 700-HPS2724 contactors. Additional 700-ADL12 LED surge suppressors are added to provide transient suppression.

TLSZR-GD2 = 440G-TSZ21UPRHDI = 440R-D22R2SWS = Single Wire SafetyEMD = 440R-EM4R2DKS1* = 880FM-KM22MX11 - Left Position



Configuration

Configure the components of the safety system as described in the following sections.

Configure the Guardmaster Dual-input Safety Relay

Follow these steps to configure the Guardmaster dual-input safety relay. This procedure sets the function of the device.

1. With power off, turn the rotary switch to position 0.The unit powers up. The PWR status indicator flashes red.

2. Turn the rotary switch to position 2.

The IN 1 status indicator blinks the new setting. The position is set when the PWR status indicator is steady green.

3. Lock in the configuration by cycling power to the unit.Configuration must be confirmed before operation. Use the white space on the front of the device to record the unit setting.

Configure the Guardmaster Expansion Module

Follow these steps to configure the Guardmaster expansion module. This procedure describes timing and configuration. Both switches must be set. Status indicator B1 indicates position of the Range, and status indicator Logic IN indicates position of the Time.

1. With power off, turn the Range rotary switch to position 0, and power up the unit.The unit powers up. The PWR status indicator flashes red.

2. Turn the Range rotary switch to position 3, and turn the Time rotary switch to position 10.

The B1 and Logic IN status indicators blink the new settings. The position is set when the PWR status indicator is steady green.

3. Lock in the configuration by cycling power to the unit.Configuration must be confirmed before operation. Use the white space on the front of the device to record the unit setting.

Logic

Logic 2 = L12 or (IN1 and IN2)

Range

Time

*Set for thirty-second OFF delay



Calculation of the Performance Level

When properly implemented, the two safety functions in this safety system can achieve a safety rating of Category 4, Performance Level e (CAT. 4, PLe), according to ISO 13849-1: 2008, as calculated by using the Safety Integrity Software Tool for the Evaluation of Machine Applications (SISTEMA).

The functional safety specifications of the project call for a minimum of Performance Level d (PLd) and a minimum structure of Category 3 (CAT. 3). A PFHd of less than 1.0 E-06 for the overall safety function is required for PLd.

The values for the overall door monitoring and locking project are shown below.

The values for the E-stop function are shown below.

This E-stop safety function can be modeled as follows.

Because the E-stop button and the 100s contactors are electromechanical devices, their safety data includes the following:

• Mean Time to Failure, dangerous (MTTFd)• Diagnostic Coverage (DCavg)• Common Cause Failure (CCF)

Subsystem 1 Subsystem 4Subsystem 2 Subsystem 3

Fault

ExclusionGSR DI

100S

K1

E-stop

CH1

E-stop

CH2100S

K2

Input Logic Output

Subsystem 2 Subsystem 3 Subsystem 4Subsystem 1

Input Logic Output

E-stop channel 1

E-stop channel 2

Fault Exclusion

Guardmaster Dual-input

Safety Relay

100S K1

100S K2



Functional safety evaluations of electromechanical devices include the following:• How frequently they are operated• Whether they are effectively monitored for faults• Whether they are properly specified and installed

SISTEMA calculates the MTTFd by using the B10d data provided for the E-stop and 100S contactors in the SISTEMA safety library and the frequency of operation data entered by the user during the creation of the SISTEMA project.

The DCavg (99 %) for the E-stop button is selected from the Input Device table of EN ISO 13849-1:2008 Annex E, “Cross monitoring of input signals.”

The DCavg (99 %) for the 100S contactor is selected from the Output Device table of EN ISO 13849-1:2008 Annex E, “Direct Monitoring of electromechanical devices by mechanically linked contact elements.”

The emergency stop function is a complementary protective measure that is intended to be used with other safeguarding measures and protective devices to sufficiently reduce risk. The emergency stop function shall be designed not to impair the effectiveness of the other protective devices or safety functions.

Because the E-stop uses one mechanical actuator to operate both channels, a fault exclusion must be considered. ISO 13849-2:2012, Annex D, Table D.8 allows a fault exclusion for the mechanical aspects of emergency stop devices in accordance with IEC 60947-5-5, provided the maximum number of operations is considered. The fault exclusion block is included to reflect this configuration.

The values for the guard lock and prevention of dangerous access function are shown below.

This guard-lock safety function can be modeled as follows.

Subsystem 1 Subsystem 2 Subsystem 3

Fault

ExclusionGSR DI

E-stop

CH1

E-stop

CH2

Input Logic Output

Subsystem 5Subsystem 4

GSR EMD TLSZR

Subsystem 4

700S

K3

700S

K4

Input Logic Output

Subsystem 1 Subsystem 2 Subsystem 3 Subsystem 4 Subsystem 5Subsystem 1 Subsystem 6

E-stop channel 1

E-stop channel 2

Fault Exclusion


Safety Relay

Guardmaster Expansion

Module

700S K3

700S K4

TLSZR Safety Guard

Locking Switch



Because the E-stop button and 700 HPS contactors are electromechanical devices, their safety data includes the following:

• Mean Time to Failure, dangerous (MTTFd)• Diagnostic Coverage (DCavg)• Common Cause Failure (CCF)


SISTEMA calculates the MTTFd by using the B10d data provided for the E-stop and 700 HPS contactors in the SISTEMA safety library and the frequency of operation data entered by the user during the creation of the SISTEMA project.

The DCavg (99 %) for the E-stop button is selected from the Input Device table of EN ISO 13849-1:2008 Annex E, “Cross monitoring of input signals.”

The DCavg (99 %) for the 700 HPS contactor is selected from the Output Device table of EN ISO 13849-1:2008 Annex E, “Direct Monitoring of electromechanical devices by mechanically linked contact elements.”

The CCF value is generated by using the scoring process outlined in Annex F of EN ISO 13849-1:2008. The complete CCF scoring process must be performed when actually implementing the application. A minimum score of 65 must be achieved.

The emergency stop function is a complementary protective measure that is intended to be used with other safeguarding measures and protective devices to sufficiently reduce risk. The emergency stop function shall be designed not to impair the effectiveness of the other protective devices or safety functions.

Because the E-stop uses one mechanical actuator to operate both channels, a fault exclusion must be considered. ISO 13849-2:2012 Annex D Table D.8 allows a Fault Exclusion for the mechanical aspects of emergency stop devices in accordance with IEC 60947-5-5 provided the maximum number of operations is considered. The Fault Exclusion Block is included to reflect this configuration.

The values for the prevention of unexpected start-up function are shown below.



This prevention of unexpected start-up safety function can be modeled as follows.

Because the 100s contactors are electromechanical devices, their safety data includes the following:• Mean Time to Failure, dangerous (MTTFd)• Diagnostic Coverage (DCavg)• Common Cause Failure (CCF)


The DCavg (99 %) for the 100S contactors is selected from the Output Device table of EN ISO 13849-1:2008 Annex E, “Direct Monitoring of electromechanical devices by mechanically linked contact elements.”

Subsystem 2

GSR DI

Logic Output

Subsystem 1

TLSZR

Subsystem 3

100S

K1

100S

K2

Output

p p

TLSZR Safety Guard

Locking Switch


Safety Relay

100S K2

100S K1

OutputOutput Logic

Subsystem 2 Subsystem 3Subsystem 1



Verification and Validation Plan

Verification and validation play important roles in the avoidance of faults throughout the safety system design and development process. ISO 13849-2 sets the requirements for verification and validation. The standard calls for a documented plan to confirm that all safety functional requirements have been met.

Verification is an analysis of the resulting safety control system. The Performance Level (PL) of the safety control system is calculated to confirm that the system meets the required Performance Level (PLr) specified. The SISTEMA software is typically used to perform the calculations and assist with satisfying the requirements of ISO 13849-1.

Validation is a functional test of the safety control system to demonstrate that the system meets the specified requirements of the safety function. The safety control system is tested to confirm that all safety-related outputs respond appropriately to their corresponding safety-related inputs. The functional test includes normal operating conditions and potential fault injection of failure modes. A checklist is typically used to document the validation of the safety control system.

Before validating the Guardmaster safety relay system, confirm that the Guardmaster safety relay has been wired and configured in accordance with the installation instructions.

Verification and Validation Checklist

General Machinery Information

Machine Name/Model Number

Machine Serial Number

Customer Name

Test Date

Tester Name

Schematic Drawing Number

Configurable Safety Relay

Safety Relay 440R-D22R2 (DI)

Input Devices

E-stop 800F-1YP3

Guard Lock 440G-TZS21UPRH (TLS-Ple)

Output Devices

Safety Contactor 100S-C09EJ23BC

Interposing Contactor 700-HPS2Z24

Guard Lock 440G-TZS21UPRH (TLS-Ple)

Safety Wiring and Relay Configuration Verification

Test Step Verification Pass/Fail Changes/Modifications

1 Confirm that all component specifications are suitable for the application. See Basic Safety Principles and Well-tried Safety Principles from ISO 13849-2.

2 Visually inspect the safety relay circuit to confirm that it is wired as documented in the schematics.

3 Confirm that the switch settings of the dual-input safety relay and the expansion module are the correct, intended configurations.



Normal Operation Verification - The safety system responds properly to all normal Start, Stop, Reset, E-stop, and TLS-Ple inputs.

Test Step Verification Pass/Fail Changes/Modifications

1 Confirm that no one is in the guarded area.

2 Confirm that hazardous motion is stopped.

3 Confirm that the door is closed and locked.

4 Confirm that the E-stop button is not pressed.

5 Initiate the external Start command.

6 Apply power to the safety system.

7 The OUT status indicator on the dual-input safety relay blinks green, which indicates that the system is waiting for Reset. The four contactors remain de-energized.

8 Press and release the Reset button. The OUT status indicator is solid green. All four contactors energize. Hazardous motion begins.

9 Initiate the external Stop command. Hazardous motion coasts to a stop within 20 seconds. The safety system remains energized and does not respond.

10 Initiate the external Start command. Hazardous motion begins. The safety system remains energized and does not respond.

11Press the E-stop button. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop in no more than 20 seconds. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.

12 Turn the gate-release switch key to the right. The amber Gate Open/Gate Unlocked stack light is ON. Open the gate. The safety system does not respond.

13 Release the E-stop button. Press and release the Reset button. The safety system does not respond.

14 Press the E-stop button again. Close the gate. Press and release the E-stop button. The system does not respond.

15 Press and release the Reset button. The safety system responds. The four contactors energize and both stack lights turn OFF.

16Press the E-stop button. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop in no more than 20 seconds. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.

17 Release the E-stop button. The OUT status indicator on the dual-input safety relay blinks green. Briefly tap the Reset button. The safety system does not respond.

18 Press and hold the reset button for 5 seconds. The safety system must not respond.

19 Press and release the Reset button. The safety system responds. The OUT status indicator is solid green. All four contactors energize. Hazardous motion begins.

Validation of Safe Response to Abnormal Operation - The safety system responds properly to all foreseeable faults with corresponding diagnostics.

E-stop, Dual-input Safety Relay Tests

Test Step Validation Pass/Fail Changes/Modifications

Note: Steps 1…4 validate proper E-stop operation in both the case of one loose wire, and in the case of one E-stop channel failing to open when the E-stop is pressed.

1

While hazardous motion continues to run, remove the E-stop wire on S12. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop in no more than 20 seconds. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.

2 Reconnect the wire to S12. Press and release the Reset button on the dual-input safety relay. The dual-input safety relay does not respond.

3 Press and release the E-stop button.




4 Press and release the Reset button. The safety system responds. The four contactors energize and the stack light turns OFF. Hazardous motion begins.

5 Repeat steps 1…4 by using S22 in place of S12.

6

While hazardous motion continues to run, briefly jump 24V to E-stop terminal S12. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop within 20 seconds. The PWR/Fault status indicator on the dual-input safety relay is steady red. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.

7 Press and release the Reset button on the dual-input safety relay. The dual-input safety relay does not respond.

8

Cycle power to the dual-input safety relay. When the OUT status indicator on the dual-input safety relay begins to blink, press and release the Reset button on the dual-input safety relay. The safety system responds. The four contactors energize and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.


10



12

Cycle power to the dual-input safety relay. When the OUT status indicator on the dual-input safety relay begins to blink, press and release the Reset button. The safety system responds. The four contactors energize and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.


14

While hazardous motion continues to run, briefly jump terminal S12 to terminal S22. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop within 20 seconds. The PWR/Fault status indicator on the dual-input safety relay is steady red. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.


16

Cycle power to the dual-input safety relay. When the OUT status indicator on the dual-input safety relay begins to blink, press and release the Reset button. The safety system responds. The four contactors energize and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.


Safety Guard Locking Switch Tests


Note: Steps 1…4 validate proper operation of the safety guard locking switch and dual-input safety relay in both the case of a single loose wire and in the case of one safety guard-locking switch channel failing to open when the gate is opened.

1

While hazardous motion continues to run, remove the output wire on S32 of the safety guard-locking switch. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop in no more than 20 seconds. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.

2 Reconnect the wire to S32. Press and release the Reset button on the dual-input safety relay. The dual-input safety relay does not respond.

3Turn the gate-release key to unlock the gate. The Gate Open/Gate Unlocked stack light turns ON. Open and close the gate, and turn the key back to lock the gate. The OUT status indicator on the dual-input safety relay blinks green.




4 Press and release the Reset button. The safety system responds. The four contactors energize and the stack light turns OFF. Hazardous motion begins.


6

While hazardous motion continues to run, briefly jump 24V to terminal S32 on the safety guard locking switch. After approximately 40 seconds, the K1 and K2 contactors de-energize. Hazardous motion coasts to a stop within 20 seconds. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.


8

Cycle power to the safety guard locking switch. When the OUT status indicator on the dual-input safety relay begins to blink, press and release the Reset button. The safety system responds. The four contactors energize and the stack light turns OFF. Hazardous motion begins.


10



12

Cycle power to the safety guard-locking switch. When the OUT status indicator on the dual-input safety relay begins to blink, press and release the Reset button on the dual-input safety relay. The safety system responds. The four contactors energize and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.


14

While hazardous motion continues to run, briefly jump terminal S32 to terminal S42. After approximately 40 seconds, the K1 and K2 contactors de-energize. Hazardous motion coasts to a stop within 20 seconds. The PWR/Fault status indicator on the dual-input safety relay is steady red. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.


16

Cycle power to the safety guard-locking switch. When the OUT status indicator on the dual-input safety relay begins to blink, press and release the Reset button. The safety system responds. The four contactors energize and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.


Dual-input Safety Relay Tests with 'Logic' Setting Fault


1

While hazardous continues to run, turn the LOGIC rotary switch on the dual-input safety relay from the proper position 2 to position 5. The PWR/Fault status indicator blinks red-green twice, pauses steady green, and repeats. Hazardous motion continues to run.

2 Confirm that the dual-input safety relay and expansion module response to the E-stop input continues to be normal.

3Return the LOGIC rotary switch on the dual-input safety relay to position 2. The red-green blinking ceases. The PWR/Fault status indicator is steady green. The system continues to operate normally.





Dual-input Safety Relay and Expansion Module Tests with 'Range' Setting Fault


1

While hazardous motion continues to run, turn the RANGE rotary switch on the expansion module from the proper position 3 to position 5. The PWR/Fault status indicator blinks red-green twice, pauses steady green, and repeats. Hazardous motion continues to run.


3Return the RANGE rotary switch on the expansion module to position 3. After 15…20 seconds, the red-green blinking ceases. The PWR/Fault status indicator is steady green. The system continues to operate normally.


Dual-input Safety Relay and Expansion Module Tests with 'Time x 10 %' Setting Fault


1

While hazardous motion continues to run, turn the TIME x 10 % rotary switch on the expansion module from the proper position 10 to position 5. The PWR/Fault status indicator blinks red-green twice, pauses steady green, and repeats. Hazardous motion continues to run.


3Return the RANGE rotary switch on the expansion module to position 3. After 15…20 seconds, the red-green blinking ceases. The PWR/Fault status indicator is steady green. The system continues to operate normally.


Single Wire Safety (SWS) Tests


1

While hazardous motion continues to run, remove the SWS wire on L12 of the expansion module. The Logic IN status indicator blinks green. The dual-input safety relay does not respond. Hazardous motion continues. After 30 seconds, the K3 and K4 contactors de-energize. The green Ready for Unlock stack light turns ON. Hazardous motion continues.

2 Turn the gate-release key to unlock the gate. The gate does not unlock. The Gate Open/Gate Unlocked stack light does not turn ON.

3

Reconnect the SWS wire to L12. The expansion module energizes its outputs. The K3 and K4 contactors energize. The Ready for Unlock stack light turns OFF. The dual-input safety relay does not respond. Hazardous motion continues. The Logic IN status indicator of the expansion module blinks green. After 30 seconds, the K3 and K4 contactors de-energize and the Ready For Unlock stack light turns ON. The PWR/FAULT status indicator blinks red/green four times, pauses green, and repeats.

4 Cycle power to the expansion module. The expansion module powers up in the normal manner.

5

While hazardous motion continues to run, jump 24V to L12 of the expansion module for approximately 2 seconds. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop within 20 seconds. After 30 seconds, the K3 and K4 contactors de-energize, and the Ready for Unlock stack light turns ON. The PWR/FAULT status indicator of the dual-input safety relay blinks red five times, pauses OFF, and repeats. The Logic IN status indicator of the expansion module blinks green. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.





7

Cycle power to the dual-input safety relay. When the OUT status indicator begins to blink, press and release the Reset button on the dual-input safety relay. The safety system responds. The four contactors energize and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.

8

While hazardous motion continues to run, jump 0V to L12 on the expansion module for approximately 2 seconds. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop within 20 seconds. After 30 seconds, the K3 and K4 contactors de-energize, and the Ready for Unlock stack light turns ON. The PWR/FAULT status indicator on the dual-input safety relay blinks red five times, pauses OFF, and repeats. The Logic IN status indicator on the expansion module blinks green. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light is ON.


10

Cycle power to the dual-input safety relay. When the OUT status indicator begins to blink, press and release the Reset button on the dual-input safety relay. The safety system responds. The four contactors energize, and the stack light turns OFF. The PWR/Fault status indicator on the dual-input safety relay is green. Hazardous motion begins.


Contactor Feedback Fault Tests


1 While hazardous motion continues to run, remove the 24V connection at K1 of the K1-K2-K3-K4 feedback string.

2Press the E-stop button. The K1 and K2 contactors de-energize. Hazardous motion coasts to a stop in no more than 20 seconds. The K3 and K4 contactors de-energize after 30 seconds. The green Ready for Unlock stack light turns ON.

3 Turn the gate-release switch key to the right. The gate does not unlock. The Gate Open/Gate Unlocked stack light does not turn ON.

4 Release the E-stop button. Press and release the Reset button. The system does not respond.

5 Reconnect 24V at K1 of the K1-K2-K3-K4 feedback string.

6 Press and release the Reset button. The safety system responds. The four contactors energize, and the stack light turns OFF.




Additional Resources

These documents contain more information about related products from Rockwell Automation

You can view or download publications at http://www.rockwellautomation.com/literature/. To order paper copies of technical documentation, contact your local Allen-Bradley distributor or Rockwell Automation sales representative.

Resource Description

TLSZR/L-GD2 Guard Locking Switch Installation Instructions, publication 440G-IN007 Provides instructions on how to install, commission, operate, and maintain the TLSZR/L-GD2 safety guard locking switch.

Guardmaster Safety Relay DI Installation Instructions, publication 440R-IN037 Provides instructions on how to install, commission, operate, and maintain the Guardmaster dual-input safety relay.

Guardmaster Safety Relay DI/DIS Troubleshooting Guide, publication 440R-TG002 Provides information on how to troubleshoot the Guardmaster dual-input safety relay.

Guardmaster Safety Relay EMD Installation Instructions, publication 440R-IN045 Provides instructions on h ow to install, commission, operate, and maintain the Guardmaster expansion module.

Guardmaster Safety Relay EMD Troubleshooting Guide, publication 440R-TG001 Provides information on how to troubleshoot the Guardmaster expansion module.

Next Generation Guardmaster Safety Relays, publication SAFETY-WD001 Provides functional descriptions, guidance, and wiring diagrams for the Guardmaster safety relays.

Safety Switches Brochure, publication GLSAFE-BR002 Describes the safety switches and interlock switches available from Rockwell Automation.

Guardmaster Safety Relays Selection Guide, publication 440R-SG001 Provides specifications and block diagrams for the Guardmaster safety relays.

Industrial Automation Wiring and Grounding Guidelines, publication 1770-4.1 Provides general guidelines on how to install a Rockwell Automation industrial system.

Safety Products Catalog, publication S117-CA001Website http://www.rockwellautomation.com/rockwellautomation/catalogs/overview.page

Provides information about Rockwell Automation safety products.

Product Certifications website, http://www.rockwellautomation.com/global/certification/overview.page Provides declarations of conformity, certificates, and other certification details.


http://www.rockwellautomation.com/global/certification/overview.page

http://www.rockwellautomation.com/global/certification/overview.page

http://literature.rockwellautomation.com/idc/groups/literature/documents/ca/s117-ca001_-en-p.pdf

http://www.rockwellautomation.com/rockwellautomation/catalogs/overview.page

http://www.rockwellautomation.com/rockwellautomation/catalogs/overview.page

http://www.literature.rockwellautomation.com/idc/groups/literature/documents/in/1770-in041_-en-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/in/440g-in007_-en-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/in/440r-in037_-mu-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/tg/440r-tg002_-en-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/in/440r-in045_-mu-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/tg/440r-tg001_-mu-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/wd/safety-wd001_-en-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/sg/440r-sg001_-en-p.pdf

http://literature.rockwellautomation.com/idc/groups/literature/documents/br/glsafe-br002_-en-p.pdf

http://www.rockwellautomation.com/literature/

Allen-Bradley, Guardmaster, LISTEN. THINK. SOLVE, MCS, Rockwell Automation, Rockwell Software, and SensaGuard are trademarks of Rockwell Automation, Inc.Trademarks not belonging to Rockwell Automation are property of their respective companies.

Publication SAFETY-AT063D-EN-P - May 2016

Rockwell Automation SupportUse the following resources to access support information.

Documentation FeedbackYour comments will help us serve your documentation needs better. If you have any suggestions on how to improve this document, complete the How Are We Doing? form at http://literature.rockwellautomation.com/idc/groups/literature/documents/du/ra-du002_-en-e.pdf.

Technical Support Center Knowledgebase Articles, How-to Videos, FAQs, Chat, User Forums, and Product Notification Updates. www.rockwellautomation.com/knowledgebase

Local Technical Support Phone Numbers Locate the phone number for your country. www.rockwellautomation.com/global/support/get-support-now.page

Direct Dial CodesFind the Direct Dial Code for your product. Use the code to route your call directly to a technical support engineer.

www.rockwellautomation.com/global/support/direct-dial.page

Literature Library Installation Instructions, Manuals, Brochures, and Technical Data. www.rockwellautomation.com/literature

Product Compatibility and Download Center (PCDC)

Get help determining how products interact, check features and capabilities, and find associated firmware.

www.rockwellautomation.com/global/support/pcdc.page

Rockwell Otomasyon Ticaret A.Ş., Kar Plaza İş Merkezi E Blok Kat:6 34752 İçerenköy, İstanbul, Tel: +90 (216) 5698400

Rockwell Automation maintains current product environmental information on its website at http://www.rockwellautomation.com/rockwellautomation/about-us/sustainability-ethics/product-environmental-compliance.page.

For more information onSafety Function Capabilities, visit:http://marketing.rockwellautomation.com/safety/en/safety_functions

Supersedes Publication SAFETY-AT063C-EN-E - May 2013 Copyright © 2016 Rockwell Automation, Inc. All rights reserved. Printed in the U.S.A.

http://www.rockwellautomation.com/rockwellautomation/about-us/sustainability-ethics/product-environmental-compliance.page

http://marketing.rockwellautomation.com/safety/en/safety_functions

Documents

Safety Function: Door Locking and Monitoring Application ... · Safety Function: Door Locking and Monitoring Application Technique General Safety Information Risk Assessments