Danfoss MCB 112 PTC Thermistor Card Instruction Manual

Danfoss MCB 112 PTC Thermistor Card

Introduction

Purpose of the Manual

This manual provides information for the use of Danfoss VLT® adjustable frequency drives in functional safety applications. The manual includes information about functional safety standards, Danfoss VLT® adjustable frequency drive Safe Torque Off (STO) function, and the related installation and commissioning as well as service and maintenance for STO.

VLT® is a registered trademark.

Additional Resources

This manual is targeted at users already familiar with the VLT® adjustable frequency drives and is intended as a supplement to the manuals and instructions available for download at www.danfoss.com/BusinessAreas/DrivesSolutions/Documentations/VLT+Technical+Documentation.htm. Read the instructions shipped with the adjustable frequency drive and/or adjustable frequency drive option before installation of the unit and observe the instructions for safe installation.

Functional Overview

Introduction

The Safe Torque Off (STO) function is a component in a safety control system. STO prevents the unit from generating the voltage required to rotate the motor.

Select and apply the components in the safety control system appropriately to achieve the desired level of operational safety. Before integrating and using STO in an installation, carry out a thorough risk analysis on the installation to determine whether the STO functionality and safety levels are appropriate and sufficient.

The VLT® adjustable frequency drive is available with:

• Safe Torque Off (STO), as defined by EN IEC 61800-5-2
• Stop Category 0, as defined in EN 60204-1

The adjustable frequency drive integrates the STO functionality via control terminal 37.
The VLT® adjustable frequency drive with STO functionality is designed and approved suitable for the requirements of:

• Category 3 in EN ISO 13849-1
• Performance Level “d” in EN ISO 13849-1
• SIL 2 in IEC 61508 and EN 61800-5-2
• SILCL 2 in EN 62061

Products Covered and Identification

The STO function is available for the following types of adjustable frequency drives:

• VLT® HVAC Drive FC 102
• VLT® Refrigeration Drive FC 103
• VLT® AQUA Drive FC 202
• VLT® AutomationDrive FC 301 enclosure type A1
• VLT® AutomationDrive FC 302

Identification

• Confirm that the adjustable frequency drive is configured with STO function by checking the unit type code on the nameplate (see Table 1.1).

Table 1.1 Type Code Identification

Approvals and Certifications

More approvals and certifications are available. Contact a local Danfoss partner.

Applied standards and compliance

Use of STO on terminal 37 requires that the user satisfies all provisions for safety including relevant laws, regulations and guidelines. The integrated STO function complies with the following standards:

• EN 60204-1: 2006 Stop category 0 – uncontrolled stop
• IEC/EN 61508: 2010 SIL2
• IEC/EN 61800-5-2: 2007
• IEC/EN 62061: 2005 SIL CL2
• EN ISO 13849-1: 2008 Category 3 PL d

Symbols, Abbreviations and Conventions

Table 1.2 Abbreviations Related to Functional Safety

cause a loss of the safety function.
MTTFd| EN ISO 13849-1| Mean Time To Failure – dangerous. Unit: years
PFH| EN IEC 61508| Probability of Dangerous Failures per Hour. Consider this value if the safety device is operated during high demand or in continuous mode of operation, where the frequency of demands for operation made on a safety-related system is greater than once per year.
PFD| EN IEC 61508| Average probability of failure on demand, value used for low demand operation.
PL| EN ISO 13849-1| Discrete level used to specify the ability of safety related parts of control systems to perform a safety function under foreseeable conditions. Levels a-e.
SFF| EN IEC 61508| Safe Failure Fraction [%]; percentage of safe failures and dangerous detected failures of a safety function or a subsystem related to all failures.
SIL| EN IEC 61508
EN IEC 62061| Safety Integrity Level
STO| EN IEC 61800-5-2| Safe Torque Off
SS1| EN IEC 61800-5-2| Safe Stop 1
SRECS| EN IEC 62061| Safety Related Electrical Control System
SRP/CS| EN ISO 13849-1| Safety Related Parts of Control Systems
PDS/SR| EN IEC 61800-5-2| Power Drive System (Safety-related)

Conventions

Numbered lists indicate procedures.
Bullet lists indicate other information and descriptions of figures. Italicized text indicates

• cross reference
• link
• parameter name

Safety

Safety Symbols

The following symbols are used in this document:

Indicates a potentially hazardous situation that could result in death or serious injury.

Indicates a potentially hazardous situation that could result in minor or moderate injury. It can also be used to alert against unsafe practices.

Indicates important information, including situations that can result in damage to equipment or property.

Qualified Personnel

The products may only be assembled, installed, programmed, commissioned, maintained, and decommissioned by persons with proven skills. Persons with proven skills.

• are qualified electrical engineers, or persons who have received training from qualified electrical engineers and are suitably experienced to operate devices, systems, plant and machinery in accordance with the general standards and guidelines for safety technology.
• are familiar with the basic regulations concerning health and safety/accident prevention.
• have read and understood the safety guidelines given in this manual and also the instructions given in the Instruction Manual of the adjustable frequency drive.
• have a good knowledge of the generic and specialist standards applicable to the specific application.

Users of PDS(SR)s are responsible for:

• Hazard and risk analysis of the application.
• Identifying safety functions required and allocating SIL or PLr to each of the functions.
• Other subsystems and the validity of signals and commands from them.
• Designing appropriate safety-related control systems (hardware, software, parameterization, etc.).

Protective measures

• Safety engineering systems may only be installed and commissioned by qualified and skilled personnel.
• Install the adjustable frequency drive in an IP54 cabinet as per IEC 60529 or in an equivalent environment. In special applications, a higher IP degree may be necessary.
• Ensure short circuit protection of the cable between terminal 37 and the external safety device according to ISO 13849-2 table D.4.
• When external forces influence the motor axis (e.g., suspended loads), additional measures (e.g., a safety holding brake) are required to eliminate hazards.

Safety Precautions

See the Safety chapter in the relevant Instruction Manual for general safety precautions.

After installation of STO, perform a commissioning test as specified in chapter 4.5 STO Commissioning Test. A passed commissioning test is mandatory after first installation and after each change to the safety installation.

RISK OF DEATH AND SERIOUS INJURY

If external forces act on the motor, e.g., in the case of vertical axis (suspended loads) – and an unwanted movement, e.g., caused by gravity, could cause a hazard, the motor must be equipped with additional measures for fall protection. For example, mechanical brakes must be installed additionally.

RISK OF DEATH AND SERIOUS INJURY

STO (i.e., removal of 24 V DC voltage supply to terminal 37) does not provide electrical safety. The STO function itself is not sufficient to implement the Emergency Off function as defined by EN 60204-1. Emergency Off requires measures of electrical isolation, e.g., by switching off line power via an additional contactor.

RISK OF ELECTRICAL SHOCK

The STO function does NOT isolate AC line voltage to the adjustable frequency drive or auxiliary circuits. Perform work on electrical parts of the adjustable frequency drive or the motor only after isolating the AC line voltage supply and waiting the length of time specified in the Safety chapter in the relevant Instruction Manual. Failure to isolate the AC line voltage supply from the unit and waiting the time specified could result in death or serious injury.

• Do not stop the adjustable frequency drive by using the STO function. If a running adjustable frequency drive is stopped by using the function, the unit trips and stops by coasting. If this is not acceptable, i.e., causes danger, stop the adjustable frequency drive and machinery by using the appropriate stopping mode before using this function. Depending on the application, a mechanical brake may be required.
• STO is suitable for performing mechanical work on the adjustable frequency drive system or affected area of a machine only. It does not provide electrical safety. STO should not be used as a control for starting and/or stopping the adjustable frequency drive.

Automatic restart behavior is only allowed in one of the two situations:

• The unintended restart prevention is implemented by other parts of the STO installation.
• A presence in the dangerous zone can be physically excluded when STO is not activated. In particular, paragraph 6.3.3.2.5 of ISO 12100: 2010 must be observed.

RISK OF DEATH AND SERIOUS INJURY

The STO function can be used for asynchronous, synchronous and permanent magnet motors. Two faults can occur in the power semiconductor of the adjustable frequency drive. When using synchronous or permanent magnet motors, a residual rotation can result from the faults. The rotation can be calculated to angle = 360/ (number of poles). The application using synchronous or permanent magnet motors must take this residual rotation into consideration and ensure that it does not pose a safety risk. This situation is not relevant for asynchronous motors.

The selection of a stop category in accordance with EN 60204-1 for each stop function must be determined by a risk assessment:

• Stop Category 0 is achieved with immediate removal of power to the servo, resulting in an uncontrolled coast to stop. STO according to EN 61800-5-2 accomplishes a Stop Category 0 stop.
• Stop Category 1 is achieved with power available to the machine servos to achieve the stop. Power is removed from the servos when the stop is achieved according to EN 61800-5-2 Safe Stop 1 (SS1).
• Stop Category 2 is a controlled stop with power available to the machine servos. The stop is followed by a holding position under power.

When designing the machine application, timing and distance should be considered for a coast to stop (Stop Category 0 or STO). For more information regarding stop categories, refer to EN 60204-1.

Installation

Safety Instructions

See chapter 2 Safety for general safety instructions.

STO Installation

For motor connection, AC line input connection, and control wiring, follow the instructions for safe installation in the Instruction Manual of the adjustable frequency drive.
For installation with the Ex-certified VLT® PTC Thermistor Card MCB 112, see chapter 3.3 Installation in combination with VLT® PTC Thermistor Card MCB 112.

Enable the integrated STO as follows:

1. Remove the jumper wire between control terminals 37 and 12 or 13. Cutting or breaking the jumper is not sufficient to avoid short circuiting. (See jumper on Figure 3.1)
   Figure 3.1 Jumper between Terminal 12/13 (24 V) and 37
   

2. Connect an external safety monitoring relay via a NO safety function to terminal 37 (STO) and either terminal 12 or 13 (24 V DC). Follow the installation instructions for the safety monitoring relay, and ensure that the safety monitoring relay complies with Category 3 /PL “d” (ISO 13849-1) or SIL 2 (EN 62061 and IEC 61508).
   1| Safety relay (cat. 3, PL d or SIL2)
   ---|---
   2| Emergency stop button
   3| Reset button
   4| Short-circuit protected cable (if not inside installation IP54 cabinet). See ISO 13849-2 Table D.4 for further information.

Figure 3.2 Installation to Achieve a Stop Category 0 (EN 60204-1) with Safety Cat. 3/PL “d” (ISO 13849-1) or SIL 2 (EN 62061 and IEC 61508).

3. Complete wiring according to the instructions given in the Instruction Manual of the adjustable frequency drive.

Installation in combination with VLT® PTC Thermistor Card MCB 112

Combination of VLT® PTC Thermistor Card MCB 112 and STO function is only available for VLT® HVAC Drive FC 102, VLT® AutomationDrive FC 302, and VLT® AutomationDrive FC 301 enclosure type A1.

VLT® PTC Thermistor Card MCB 112 uses Terminal 37 as its safety-related switch-off channel.

• Ensure that the output X44/12 of MCB 112 is AND-ed with the safety-related sensor (such as emergency stop button, safety guard switch, etc.) that activates STO. This means that the output to STO terminal 37 is HIGH (24 V) only if both the signal from MCB 112 output X44/12 and the signal from the safety-related sensor are HIGH. If at least one of the two signals is LOW, then the output to terminal 37 must be LOW too.
• Ensure that the safety device with AND-logic complies with the needed safety level.
• Short circuit protect the connection from the output of the safety device with safe AND-logic to the STO terminal 37, see Figure 3.3.
  Figure 3.3 Combination of an STO Application and an MCB 112 Application
  

Commissioning

Safety Instructions

See chapter 2 Safety for general safety instructions.

Activation of STO

The STO function is activated by removing the voltage at terminal 37 of the adjustable frequency drive. By connecting the adjustable frequency drive to external safety devices providing a safe delay, an installation for a Safe Stop 1 can be obtained. External safety devices need to fulfill Cat./PL or SIL when connected to terminal 37. The STO function can be used for asynchronous, synchronous, and permanent magnet motors.

When the STO function (terminal 37) is activated, the adjustable frequency drive issues an alarm, trips the unit, and coasts the motor to a stop. Manual restart is required.
Use the STO function to stop the adjustable frequency drive in emergency stop situations. In normal operating mode when STO is not required, use the standard stop function instead. Ensure that requirements according to ISO 12100 paragraph 6.3.3.2.5 are fulfilled before using the automatic restart function.

Parameter Settings for STO in Combination with VLT® PTC Thermistor Card MCB 112

When MCB 112 is connected, additional selections are available for 5-19 Terminal 37 Digital Input ([4] PTC 1 Alarm to [9] PTC 1 & Relay W/A).

• Selections [1] Safe Stop Alarm and [3] Safe Stop Warning are still available, but are for installations without MCB 112 or any external safety devices.
  If [1] Safe Stop Alarm or [3] Safe Stop Warning are selected and MCB 112 is triggered, the adjustable frequency drive reacts with an alarm Dangerous Failure [A72] and coasts the motor safely, without automatic restart.

• Selections [4] PTC 1 Alarm and [5] PTC 1 Warning are not to be selected when an external safety device is used. Those selections are for when only MCB 112 uses the STO.
  If selection [4] PTC 1 Alarm or [5] PTC 1 Warning is selected and the external safety device triggers STO, the adjustable frequency drive issues an alarm Dangerous Failure [A72] and coasts the motor safely, without automatic restart.

• Select [6] PTC 1 & Relay A to [9] PTC 1 & Relay W/A for the combination of external safety device and MCB 112.

Selections allow for automatic restart when the external safety device is de-activated.

Before selecting [7] PTC 1 & Relay W or [8] PTC 1 & Relay A/W, ensure that:

• The unintended restart prevention is implemented by other parts of the STO installation, or
• A presence in the dangerous zone can be physically excluded when STO is not activated. In particular, paragraph 6.3.3.2.5 of ISO 12100:2010 must be observed.

See VLT® PTC Thermistor Card MCB 112 Instruction Manual for further information.

Automatic/Manual Restart Behavior

By default the STO function is set to unintended restart prevention behavior. To terminate STO and resume normal operation:

1. Reapply 24 V DC supply to Terminal 37.
2. Give a reset signal (via Bus, Digital I/O, or [Reset] key).

Set the STO function to automatic restart by setting the value of 5-19 Terminal 37 Digital Input from default value [1]* Safe Stop Alarm to value [3] Safe Stop Warning.
Automatic restart means that STO is terminated, and normal operation is resumed, as soon as the 24 V DC is applied to terminal 37. No reset signal is required.

STO Commissioning Test

After installation and before first operation, perform a commissioning test of the installation, using STO. Perform the test again after each modification of the installation or application involving the STO.

A successful commissioning test of the STO function is required after the initial installation, and after each subsequent change to the installation.

To perform a commissioning test:

• follow the instructions in chapter 4.5.1 Restart Prevention for STO Application for applications without automatic restart after a safe stop, or
• follow the instructions in chapter 4.5.2 Automatic Restart of STO Application for applications with automatic restart after a safe stop.

Restart Prevention for STO Application

Application where 5-19 Terminal 37 Digital Input is set to default value [1]* Safe Stop Alarm or combined STO and MCB 112 where 5-19 Terminal 37 Digital Input is set to [6] PTC 1 & Relay A or [9] PTC 1 & Relay W/A:

1. Remove the 24 V DC voltage supply to terminal 37 using the interrupt device while the adjustable frequency drive drives the motor (that is line power supply is not interrupted).

2. Check that:
   2a The motor coasts.
   2b The mechanical brake activates (if connected).
   2c The alarm Safe Stop [A68] displays in the local control panel (LCP), if mounted.

3. Reapply 24 V DC to terminal 37.

4. Ensure that the motor remains in the coasted state, and the mechanical brake (if connected) remains activated.

5. Send reset signal (via Bus, Digital I/O, or [Reset] key).

6. Ensure that the motor becomes operational again.

The commissioning test is successfully completed when all the above steps are passed.

Automatic Restart of STO Application

Application where 5-19 Terminal 37 Digital Input is set to [3] Safe Stop Warning or combined Safe Torque Off and MCB 112 where 5-19 Terminal 37 Digital Input is set to [7] PTC 1 & Relay W or [8] PTC 1 & Relay A/W):

1. Remove the 24 V DC voltage supply to terminal 37 by the interrupt device while the adjustable frequency drive drives the motor (that is line power supply is not interrupted).

2. Check that:
   2a The motor coasts.
   2b The mechanical brake activates (if connected).
   2c The alarm Safe Stop [A68] displays in the local control panel (LCP), if mounted.

3. Reapply 24 V DC to terminal 37.

4. Ensure that the motor becomes operational again.

The commissioning test is successfully completed when all the above steps are passed.

See the warning on the restart behavior in chapter 2.3 Safety Precautions.

System Configuration Security

• Security measures are the responsibility of the user.
• The adjustable frequency drive parameters can be password-protected.

Service and Maintenance

Conduct a functional test every 12 months to detect any failure or malfunction of the STO functionality.

To conduct the functional test, perform the following steps:

1. Remove the 24 V DC voltage supply at terminal 37.
2. Check if the LCP displays the alarm Safe Stop A68.
3. Verify that the adjustable frequency drive trips the unit.
4. Verify that the motor is coasting and comes to a complete stop.
5. Verify that the motor cannot be started.
6. Reconnect the 24 V DC voltage supply to terminal 37.
7. Verify that the motor is not started automatically and restarts only by giving a reset signal (via Bus, Digital I/O, or [Reset] key).

STO Technical Data

For technical specifications and operating conditions for the adjustable frequency drive, refer to the relevant Instruction Manual of the adjustable frequency drive.

The STO signal must be SELV or PELV supplied.

Table 5.1 Technical Data

EN IEC 62061
EN IEC 61800-5-2
EMC Directive (2004/108/EC)| EN 50011
EN 61000-6-3
EN 61800-3
Low Voltage
(2006/95/EC)| EN 50178
EN 61800-5-1
Safety Standards| Safety of Machinery| EN ISO 13849-1, IEC 62061, IEC 60204-1
Functional Safety| IEC 61508-1 to -7, IEC 61800-5-2
Safety Function| | IEC 61800-5-2| IEC 60204-1
Safe Torque Off (STO)| Stop Category 0
Safety Performance| ISO 13849-1
Category| Cat 3
Diagnostic Coverage| DC: 90% (Medium)
Mean Time to Dangerous Failure| MTTFd: 14000 years (High)
Performance Level| PL d
IEC 61508 / IEC 62061
Safety Integrity Level| SIL 2, SIL CL2
Probability of Dangerous Failure per Hour| PFH: 1E-10/h
(High Demand Mode)
Probability of Dangerous Failure on Demand| PFD: 1E-10
(Low Demand Mode)
Safe Failure Fraction| SFF: > 99%
Hardware Fault Tolerance| HFT: 0 (1oo1)
Proof Test Interval T1| 20 Years
Mission time TM| 20 Years
Reaction time| Input to output response time| Maximum 20 ms

SISTEMA Data

Functional safety data are available from a data library for use with the SISTEMA calculation tool from the IFA (Institute for Occupational Safety and Health of the German Social Accident Insurance), and data for manual calculation. SISTEMA is available for download at www.danfoss.com/BusinessAreas/DrivesSolutions/SISTEMA/.

www.danfoss.com/drives

Danfoss shall not be responsible for any errors in catalogs, brochures or other printed material. Danfoss reserves the right to alter its products at any time without notice, provided that alterations to products already on order shall not require material changes in specifications previously agreed upon by Danfoss and the Purchaser. All trademarks in this material are property of the respective companies. Danfoss and the Danfoss logotype are trademarks of Danfoss A/S. All rights reserved.

Customer Support

Danfoss A/S
Ulsnaes 1
DK-6300 Graasten
www.danfoss.com/drives

References

• Global AC drive manufacturer - Danfoss Drives | Danfoss

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>