Functional Example CD-FE-I-051-V20-EN

Safety-related controls SIRIUS Safety Integrated

Emergency Stop with circuit breaker contactor combination according to category 3 of EN 954-1, SIL 2 according to EN 62061 PL d according to EN ISO 13849-1: 2006 with a SIRIUS safety relay 3TK28

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

Preliminary comment "Safety Integrated" Functional Examples are functional, tested automation configurations based on I IA/DT standard products intended for simple, quick and economic implementation of automation tasks involving safety technology. Each of these Functional Examples covers one frequently occurring aspect of a typical customer problem in the field of safety technology. In addition to a list of all of the necessary software and hardware components, and a description of their interconnection, the Functional Examples also contain tested and commented codes. This enables the functions described here to be adapted quickly and thus used as a basis for individual extensions. Important note Safety Functional Examples are non-binding and do not claim to be complete with regard to configuration, equipment or to any contingency. The Safety Functional Examples are not customerspecific solutions. They are merely intended to assist in dealing with typical problems. You are solely responsible for the correct operation of the described products. These Safety Functional Examples do not relieve you of your responsibility for safe usage, installation, operation and maintenance. By using these Safety Functional Examples, you accept that Siemens is not liable for any damage beyond the liability described above. We reserve the right to make changes to these Safety Functional Examples at any time, without prior notice. If the suggestions in these Safety Functional Examples deviate from other Siemens publications (e.g. catalogs), the contents of the other document have priority.

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

I IA CE Safety Integrated

Page 2/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

Table of contents

1 2 2.1 2.2 3 4 4.1 4.2 5 5.1 5.2 5.3 5.4 6 7 8

Guarantee, liability and support.................................................................... 4 Function........................................................................................................... 5 Description of the functionality.......................................................................... 5 Advantages / Customer benefits....................................................................... 5 Components required .................................................................................... 6 Structure and wiring....................................................................................... 7 An overview of the hardware structure ............................................................. 7 Connecting-up the hardware components ........................................................ 8 Evaluation acc.to IEC 62061 and EN ISO13849-1:2006 ............................... 8 Safety function .................................................................................................. 8 Evaluation according to EN 62061 ................................................................... 9 Evaluation according to EN ISO 13849-1:2006 .............................................. 10 Summary ........................................................................................................ 11 Internet link information............................................................................... 12 Contact partners ........................................................................................... 12 History ........................................................................................................... 12

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

I IA CE Safety Integrated

Page 3/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

Guarantee, liability and support

We are not liable for any of the information contained in this document. We are not liable for any damage caused by the use of the examples, information, programs, configuration and performance data, etc. described in this Safety Functional Example, independent of the legal ground this is based upon, unless we are imperatively liable according to the product liability law due to, e.g., cases of premeditation, an act of gross negligence, injury to life, body or health, or unless the quality of a product has been guaranteed, or due to fraudulent concealment of a defect or serious breach of contract. Damages due to serious breach of contract are, however, restricted to prevalent and foreseeable contractual damages, in as much as there is no premeditation or gross negligence nor imperative liability due to injury to life, body or health. This does not constitute a change in the burden of proof to your disadvantage.

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

Copyright2009 Siemens I IA/DT. It is not permissible to transfer or copy these Safety Functional Examples or excerpts of them without first having prior authorization from Siemens I IA/DT in writing.

I IA CE Safety Integrated

Page 4/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

2
2.1

Function
Description of the functionality If people (in production technology) are close to machines, then they must be protected using the appropriate equipment. The Emergency Stop control device represents a widely established component that protects man, machine and environment against potential hazard. In this Safety Functional Example, the Emergency Stop control device with two positive opening contacts is monitored using a safety relay according to Category 3 in compliance with EN 954-1. When the Emergency Stop is activated, the safety relay switches off the downstream contactor with mirror contacts via safe relay outputs according to stop category 0 in compliance with EN 60204-1. If the contact is welded, the circuit breaker is tripped via the undervoltage release. In this particular example, a drive is stopped. Before restarting or acknowledging the Emergency Stop shutdown using the start button, it is checked as to whether the contacts of the Emergency Stop control device are closed and the motor starter has been shut down.
Note Equipment, functional aspects and design guidelines for Emergency Stop can be found in EN ISO 13850. EN 60204-1 must also be observed.

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

Note Depending on the application, the delay time set on the 3TK28 must be such that nobody is at risk during this time.

2.2

Advantages / Customer benefits Pure hardware engineering without software configuration Minimal and simple wiring Space-saving design thanks to compact safety combination Easily expandable with expansion devices Only one contactor is required in combination with a circuit breaker No additional hardware required

I IA CE Safety Integrated

Page 5/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

3
Table 3-1
Components

Components required

Hardware components
Type 1NC 40mm mushroom pushbutton with yellow top, without protective collar 1NC contact block for base mounting 3TK2827 Empty command point enclosure 1NO contact block for base mounting Black pushbutton with flat button, 22 mm nominal diameter Optional: "Start" label Empty command point enclosure 1NC contact block for base mounting Black pushbutton with flat button, 22 mm nominal diameter Circuit breaker 3RV Undervoltage release 24 V DC Contactor, AC-3, 3 KW/400 V, 1NC, 24 V DC, 3-pole, size S00, screw terminal Auxiliary switch block 2NC/2NO Order no / Order information 3SB3 801-0DG3 1 3SB3 420-0C 3TK2827-2BB41 3SB3 801-0AA3 3SB3 420-OB 3SB3 000-0AA11 1 3SB3 906-1EL 3SB3 801-0AA3 3SB3 420-OC 3SB3 000-0AA11 1 3RV2011-4AA10 3RV2902-1AB4 3RT2018-1BB41 1 1 1 1 1 1 Siemens AG Qty Manufacturer

Emergency stop

1 1 1 1

Safety relay

Start button

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

Test button

Circuit breaker

Contactor Q1

3RH2911-4GA22

Note

The functionality was tested with the hardware components listed above. Similar products not found in this list (e.g. a different 3TK28 safety relay) may also be used. If this is the case, please consider that changes to the wiring of the hardware components (e.g. different terminal assignment) might be required.

I IA CE Safety Integrated

Page 6/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

4
4.1

Structure and wiring

An overview of the hardware structure "Detect" Emergency stop Safety relay 3TK28 Q1

Start

Test "Respond"

L1 L2 L3

"Evaluate"
Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

Q11

Note To avoid an undetected fault accumulation, the circuit breaker must be tested after 6 to 12 months at the latest. This test configuration must be documented in the description of the safety function and in the operating instructions (of the machine). In addition, any tests carried out have to be verifiably documented by the user during th use phase.

I IA CE Safety Integrated

Page 7/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

4.2

Connecting-up the hardware components

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

5
5.1

3TK2827

Evaluation acc.to IEC 62061 and EN ISO13849-1:2006

Safety function

Comments Emergency Stop is not a means of risk mitigation. Emergency Stop is a "Supplementary Safety Function" Safety function Further considerations are based on the following safety functions:
Supplementary safety function
SF 1 The motor must be switched off when EMERGENCY STOP is actuated

The safety functions listed above are evaluated below according to the two standards EN 62061 and EN ISO 13849-1: 2006.

I IA CE Safety Integrated

Page 8/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

5.2

Evaluation according to EN 62061

Parameters for the calculation of PFHD for "Detection" (Emergency Stop) and "Responding" (contactor) (the circuit breaker is used for fault reaction) Parameters Value Reason Definition
B10 Emergency Stop contactorr Proportion of hazardous failures Emergency Stop contactor T1 Service life C Number of operations Emergency Stop Number of operations of contactor
Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

1 * 10 6 1 * 10 Manufacturer specifications 0.2 0.75 175,200 hrs (20 years) 6 * 10 / hrs

-3

Manufacturer specifications

Siemens

(20%) (75%) Manufacturer specifications Assumptions: Actuated once per week (7 * 24 hours) (Emergency Stop test). Actuations can take place every day of the year (365 days) The contactor is always activated and only operated when the Emergency Stop is actuated. When the EMERGENCY STOP is actuated, a defective contact is detected in the 3TK. An actuation takes place every week (7 * 24 hours) (see "C"). When actuated, a defective contactor is detected in the 3TK. An actuation takes place every week (7 * 24 hours) (see "C"). If installed according to EN 62061, a CCF factor of 0.1 (10%) can be assumed. With this value, the user errs on the side of caution ("conservative value"). Discrepancy evaluation for EMERGENCY STOP; Evaluation of read-back signal (positively-driven contacts) of the contactor

6 * 10 / hrs 168hrs

-3

T2 Diagnostics test interval Emergency Stop

contactor (CCF factor) Proneness toward failures as a result of common cause DC degree of diagnostic coverage EMERGENCY STOP Contactor

168hrs 0.1

User

0.99 (99%) 0.90 (90%)

Evaluation parameters
Parameter PFHD (3TK) Component 3TK2827 Value 2.62 * 10-9 Definition Siemens

Result EN 62061 SIL CL Detect Evaluate Respond 3 3 2

Hardware arror tolerance: HFT = 1 Proportion of safe failures: SFF 0.99 (99%) Manufacturer specifications Hardware arror tolerance:: HFT = 0 Proportion of safe failures: SFF 0.90 (90%), The achievable SIL (SILCL) is restricted to SIL 2, as an elimination of faults is used which can lead to a hazardous failure.
-10

PFHD
Architcture: Basic subsystem architecture D Manufacturer specifications Architcture: Basic subsystem architecture D

1.2 * 10

2.62 * 10-09 4.5 * 10-11

Result

SIL CL of all tasks of the supplementary safety function is restricted to 2. PFHD (=2.78 * 10-08) of the entire supplementary safety function fulfills SIL 2.

I IA CE Safety Integrated

Page 9/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

5.3

Evaluation according to EN ISO 13849-1:2006

Emergency Stop contactor

Parameters for the calculation of MTTFd for "Detection" (Emergency Stop) and "Responding" (contactor) (the circuit breaker is used for fault reaction) Parameter Value Reason Definition Manufacturer specifications B10 5
1 * 10 1 * 106 Siemens

Proportion of hazardous failures

Emergency Stop contactor

Manufacturer specifications

dop hop

Mean operating time in days per year Mean operating time in hours per day

0.2 0.75 365 Days per year 24 hours per Day

(20%) (75%) Assumption: Actuation takes place every day of the year User Assumption:

tCycle

Mean time between the start of two consecutive cycles of the component Emergency Stop
Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

168h/cycle 168h/cycle

contactor

There is an interval of one week between actuations of the Emergency Stop (Emergency Stop test) and the contactor (7 * 24 hours).

Interim results:
Interim result MTTFd DC Emergency Stop DC contactor high high medium Reason
MTTFd 30 years DC=99%; discrepancy evaluation

Measures against CCF Category Emergency Stop Category contactor

fulfilled 4 2

DC=90%; The diagnostic capability of the power contactor can be assumed to be 99% due to its mirror contacts. It must be taken into consideration that this diagnostic capability on its own can trigger or even prevent the fault reaction. This fact must really be taken into account. There should therefore be a worst-case assessment with a reduced degree of diagnostic coverage of 90% instead of 99% and the corresponding dangerous failure rate increased accordingly. It is assumed that the necessary measures are taken by the user. System behavior: A single fault does not result in the loss of the safety function. MTTFd: high, DC: high, measures against CCF: fulfilled In the event of a failure (welding of the main contacts) of the power contactor, there is a sufficiently prompt fault reaction: The circuit breaker is triggered via undervoltage release. This is thus a 1-channel architecture with a specified fault reaction. In addition, the power contactor and the circuit breaker are proven components according to ISO 13849-2.

Parameter Evaluate
Parameter PFHD (3TK) Components 3TK2827 Value 2.62 * 10-9 Definition Siemens

I IA CE Safety Integrated

Page 10/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

Result PL Detect Evaluate Respond Result e e d d EN ISO 13849-1:2006 Average probability of a hazardous failure per hour 2.47 * 10-08 (from Annex K; see note) 2.62 * 10-09 2.29 * 10-07 (from Annex K; see note)

PL of all tasks of the supplementary safety function is at least d. The number of tasks is less than or equal to 3. Note: The MTTFd for each channel is limited to max. 100 years!

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

5.4

Summary EN 62061 SIL CL PFHD EN ISO 13849-1:2006 Average probability of a hazardous failure per hour 2.47 * 10-08 2.62 * 10-09 2.29 * 10-07 PL d

PL e e d

Detect Evaluate Respond Result

3 3 2

1.2 * 10-10 2.62 * 10-09 4.5 * 10-11 SIL2

I IA CE Safety Integrated

Page 11/12

CD-FE-I-051-V20-EN

Emergency Stop with circuit breaker contactor combination in Category 3 according to EN 954-1

Article-ID: 38472027

Internet link information

Table 6-1

Topic \1\
FAQ for same application

Title
http://support.automation.siemens.com/WW/view/de/40349715

Contact partners
Technical Assistance for low-voltage switchgear
In person from Mon - Fri. 8.a.m to 5 p.m (CET) Phone: +49 (911)-895-5900 E-Mail: technical-assistance@siemens.com Internet: www.siemens.com/industrial-controls

Copyright Siemens AG 2009 All rights reserved CD-FE-I-051-V20-DE

by fax 24 hrs a day Fax: +49 (911)-895-5907

History
Table 8-1 History

Version V1.0 V1.1

Date 08.09.2009 19.05.2010 First issue

Change Modifications in the evaluations according to the standards.

I IA CE Safety Integrated

Page 12/12

CD-FE-I-051-V20-EN