Toshiba VF-AS1 Power Supply User Manual


 
E6581528
I-6
9
9.3 Compliance with safety standards
The VFAS1 inverter has the “power removal” safety function that complies with safety standards.
To ensure safety performance, however, the mechanical system with which the VFAS1 inverter is used has to
adhere to such standards as a whole. The PWR input terminal on the control terminal board has power removal
safety function. When PWR is not connected to the 24V/PLC, the motor cannot be started. And if it is opened
between the 24V/PLC and PWR during driving the motor, it coasts to a stop.
To be more specific, in order for the system to satisfy the following safety standards, it needs to be configured, as
shown on the next page, with the power removal terminal of the VFAS1 inverter so that it will coast or decelerate to
a stop in the event of a failure.
To ensure that the motor coasts or decelerates to a stop if unusual event occurs, the power removal circuit is
designed with redundancy and it has a diagnosis circuit that determines whether the unusual event is at a
permissible level or not, in addition to a hardware circuit and software that cut off the operation signal if the unusual
event is judged impermissible. This safety function is certified by the certification organization “INERIS.”
The VFAS1 inverter meets the IEC/EN61508 SIL2 requirements.
(The term “SIL” is an acronym for “Safety Integrity Level,” which is a safety performance scale.)
The VFAS1 inverter falls under Category 3 of the safety standard EN954-1 for mechanical systems.
The VFAS1 inverter supports the two stopping methods defined in IEC/EN61800-5-2.
One is “STO,” which refers to “coast and stop,” and the other is “ST1,” which refers to “deceleration stop.”
EN61508 is an international standard that defines safety performance required for systems provided with electric
and electronic programmable devices, and SIL2 applies to systems that are configured with dangerous failure rates
of as low as 10
-6
to 10
-7
, as shown in the table below. For the relationship between SIL and inverter configuration,
see the following pages.
<<Target for EIC/EN61508 safety performance scale>>
SIL Heavy-duty operation mode or continuous operation mode (Hourly dangerous failure rate)
4 10
-9
~ 10
-8
3 10
-8
~ 10
-7
2 10
-7
~ 10
-6
1 10
-6
~ 10
-5
The European standard EN954-1, a basic safety standard for mechanical system, categorizes machines by degree of anger.
Placed in Category 3 are machines that are designed with redundancy so that a single failure will not cause a degradation in
their safety performance.For the relationship between each category and the safety function, see the table below.
<<Categories relating to safety according to EN 954-1>>
Categories Basic safety principle Control system requirements Behaviour in the event of a fault
B Selection of components that
conform to relevant
standards.
Control in accordance with good
engineering practice.
Possible loss of safety function.
1 Selection of components and
basic safety principles.
Use of tried and tested components
and proven safety principles.
Possible loss of safety function,
but with less probability of this
than with B
2 Selection of components and
basic safety principles.
Cyclic testing. The test intervals
must be suited to the machine and
its applications.
Fault detected at each test.
3 Structure of the safety
circuits.
A single fault must not cause loss of
the safety function.
This single fault must be detected if
reasonably practicable.
Safety function ensured, except in
the event of an accumulation of
faults.
4 Structure of the safety
circuits.
A single fault must not cause loss of
the safety function.
This fault must be detected at or
before the next demand on the
safety function.
An accumulation of faults must not
cause loss of the safety function.
Safety function always ensured.
The three stopping methods described on the following pages were selected in accordance with IEC60204-1.
Stopping method 1 (Stop category 0): Stops the mechanical system by cutting off the power supply immediately.
Stopping method 2 (Stop category 1): First controls the mechanical system to stop it, and then cuts off the power supply.
Stopping method 3 (Stop category 2): First cut off the power supply, and then controls the mechanical system to stop it.
Caution
Mandatory
For preventive maintenance, check at least once a year whether the power removal safety
function operates normally.