Commissioning

The safety features of the AKD2G only fulfill their purpose and can only function properly when the machine was developed according to ISO 12100, ISO 13849 and EN 62061. Depending on the use case, further standards may apply.
The machine manufacturer is responsible for proper and safe commissioning. Violating the applicable standards can result in potential unsafe conditions or dangerous machine behavior. Only properly qualified and trained personnel are permitted to perform the following tasks.

First time commissioning

Situation Action

Before commissioning
  • A risk assessment must be carried out, covering all risks originating from the machine.
  • Safety functions for risk reduction require sufficient definition such as functionality, PLr / SIL, reaction times, etc. Analyze your machine accordingly.
  • The safety functions must be specified: components, SIL/PL, PFHd, category, TM, CCF measures for tests like SBT, MTTFd, DC, combinations of functions, etc..
  • Take precautionary measures against foreseeable misuse or manipulation which result in bypassing the safety functions.
  • Calculate and analyze whether the specified safety chain is sufficient to reach the required PLr / SIL.
  • Set up a commissioning plan that specifies all actions of the verification and validation.
  • Take quality assurance measures for all steps such as: reviews, FMEAs, independent and qualified personnel, and four-eyes principle.

During commissioning
  • Verify that the hardware configuration is set up as specified (components, architecture, wiring, CCF measures, etc.).
  • Verify that the software configuration is done according to the specification. Suitable measures can be: reviews, black-box tests, simulations, and function tests. Make sure that only the required functions are configured.
  • Make sure that the safety functions are executed as expected and that the configuration is suitable for the application. Suitable measures are function tests and fault injection tests (error condition tests).
  • Validate the machine Validation Test the final product with all safety functions and in all operation modes and states.
  • Validate that the safety functions do not interfere with each other or other functions in an undesired way. If used, check if all instances are assigned to the right use cases. Pay special attention to the correct use of safety function muting.
  • Make sure that all safety functions and all possible situations are covered by the validation process.
  • Document all actions and decisions according to the requirements of the standards Validation Report.
  • The switching state of the pulse inhibitor (➜ # 1, AXIS#.SAFE.STO.ACTIVE) can be mapped to a safe digital output of the AKD2G

After commissioning
  • Document and validate all information relevant to the end user in a suitable way. This includes the capabilities and limitations of the safety functions as well as maintenance instructions.
  • Change default passwords and store them somewhere inaccessible to unqualified or unauthorized personnel. Protect the hardware from unwanted or unauthorized modifications.

For detailed information refer to the applicable standards.

 

Recommissioning

Situation Action

After disassembling,
reassembling or
drive replacement
(➜ # 1, Field Replacement)
  • Verify the correct reassembling according to the original specification.
  • Verify that the correct safe parameter package was uploaded to the correct drive.
  • Check all components and wiring for correct installation and for signs of damage.
  • Carry out function tests and fault injection tests again.
  • Validate all functions and combinations of functions again.

After long standstill
  • Check all components for their TM and signs of damage or unacceptable wear. Components that have exceeded their TM or show signs of damage need to be replaced.

After modification
  • Reevaluate and revalidate the safety functions according to (➜ # 1, First time commissioning)
  • Alternatively: Set up a modification process by carrying out an analysis to identify all possible influences on safety. Reverify the affected aspects and revalidate the machine.
  • Update your documentation and end user information accordingly.

Modifying safety functions could void certifications and approvals from notified bodies. Contact your notified body for further information.

Only properly qualified and trained personnel is permitted to perform these tasks.

Diagnostic Testing of safe inputs, safe outputs and STO

Safe inputs require test pulses (➜ # 1, OSSD) and there is no further requirement for diagnostic testing of the input wiring. There may however be additional diagnostic requirements for the device connected to the safe input.

STO is continuously diagnosed internally. There is no further requirement for diagnostic testing.

Diagnostic Testing of safe brake control

The BRAKE+ and BRAKE- emit test pulses Test Pulses. There is no further requirement for diagnostic testing of the brake wiring. Depending on the target SIL/PL, there is a periodic requirement to test the brake itself, see documentation on SBC (Safe Brake Control) SBC (Safe Brake Control) and SBT (Safe Brake Test) SBT (Safe Brake Test).