Safety Properties Overview

General properties                                   Values

Hardware fault tolerance (IEC 61508)                 HFT = 1
Classification element (IEC 61508)                   Type B subsystem
Systematic capability                                SC = 3
Mission time                                         TM = 20 years
Proof test interval                                  > 20 years (longer than the mission time, so no proof test falls within TM)
Safe failure fraction                                SFF = 99%
PFH fraction of SIL 3                                1.7% (share of the SIL 3 limit of 1.0E-7 1/h used by the drive)
Probability of dangerous failure per hour            PFHd = 1.7E-9 1/h
Mean time to dangerous failure                       MTTFD = 55.6 years
Diagnostic coverage                                  DCavg = 99.6%
Common cause failure (see Annex F of ISO 13849-1)    CCF score = 75

Calculation example for the PFHd of a safety chain consisting of:

  • a safety PLC that is the FSoE master,
  • EtherCAT cabling etc. carrying FSoE,
  • two drives configured for STO activation over FSoE.

Contribution of the safety PLC: PFHPLC, refer to the manufacturer's data.
Contribution of FSoE via EtherCAT cabling etc.: 1.0E-9 1/h.
Contribution of the two drives: 2 x 1.7E-9 1/h.

Total value: PFHd = PFHPLC + 2 x 1.7E-9 1/h + 1.0E-9 1/h = PFHPLC + 4.4E-9 1/h

For a SIL 3 safety function the total must stay below 1.0E-7 1/h (IEC 61508-1, high-demand mode). The PFHd sum on its own does not raise the claim: the chain can never be rated above the systematic capability of the weakest subsystem in it.
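The roll-up above, carried through in code as an added example (this is not part of the drive documentation). The PLC PFH value is a hypothetical placeholder, since the page only says to take it from the PLC manufacturer's data, and the systematic capability assigned to the FSoE transport is an assumption; the drive PFHd, SC and FSoE figures are the page's own. Besides adding the contributions, the example does the two checks the page's text implies: which IEC 61508 PFH band the total lands in, and that the claimable SIL is capped by the lowest SC in the chain.

```python
"""PFHd roll-up for an FSoE safety chain (IEC 61508 high-demand mode).

Added worked example, not part of the drive documentation. The PLC PFH
value is a HYPOTHETICAL placeholder (the page says to take it from the
PLC manufacturer's data); the drive PFHd/SC and the FSoE figure are the
page's values; the SC assigned to the FSoE transport is an assumption.
"""
from dataclasses import dataclass

# IEC 61508-1 Table 3, high-demand / continuous mode: a SIL n claim
# requires PFH < SIL_PFH_LIMIT[n] (and at least the next band's limit).
SIL_PFH_LIMIT = {1: 1e-5, 2: 1e-6, 3: 1e-7, 4: 1e-8}  # 1/h


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfhd: float      # dangerous failure rate in 1/h, from the manufacturer
    sc: int          # systematic capability (IEC 61508-2) claimed for it
    count: int = 1   # identical units in series in the chain


def chain_pfhd(chain):
    """Total PFHd of a series chain: the contributions simply add."""
    return sum(s.pfhd * s.count for s in chain)


def sil_from_pfhd(pfhd):
    """Best SIL whose PFH band contains pfhd; 0 if it exceeds the SIL 1 limit."""
    for sil in (4, 3, 2, 1):
        if pfhd < SIL_PFH_LIMIT[sil]:
            return sil
    return 0


def achievable_sil(chain):
    """SIL the whole chain can claim.

    The random-hardware figure alone is not enough: IEC 61508-2 does not
    let a function claim a SIL above the systematic capability of the
    elements it relies on, so SC 3 elements in series can never be rolled
    up into a SIL 4 function however small their PFHd sum is.
    """
    return min(sil_from_pfhd(chain_pfhd(chain)), min(s.sc for s in chain))


def sil_budget_fraction(pfhd, sil):
    """Share of a SIL's PFH budget used, in percent.

    This is the page's "PFH fraction of SIL 3": 1.7E-9 / 1.0E-7 = 1.7 %.
    """
    return 100.0 * pfhd / SIL_PFH_LIMIT[sil]


# The page's example chain: FSoE master PLC, FSoE over EtherCAT cabling,
# two drives with STO over FSoE.
EXAMPLE_CHAIN = (
    Subsystem("Safety PLC (FSoE master)", pfhd=2.5e-9, sc=3),     # HYPOTHETICAL value
    Subsystem("FSoE over EtherCAT cabling", pfhd=1.0e-9, sc=3),   # page value; SC assumed
    Subsystem("Drive STO via FSoE", pfhd=1.7e-9, sc=3, count=2),  # page values
)


def report(chain):
    """Human-readable summary of the roll-up and both checks."""
    total = chain_pfhd(chain)
    lines = [f"{s.count} x {s.name}: {s.pfhd * s.count:.2E} 1/h" for s in chain]
    lines.append(f"Total PFHd: {total:.2E} 1/h")
    lines.append(f"PFH band alone: SIL {sil_from_pfhd(total)}")
    lines.append(f"Claimable (capped by lowest SC): SIL {achievable_sil(chain)}")
    lines.append(f"Share of SIL 3 budget: {sil_budget_fraction(total, 3):.1f} %")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(EXAMPLE_CHAIN))
```

With the placeholder PLC figure the chain sums to 6.9E-9 1/h, which by PFH alone would fall in the SIL 4 band; the SC 3 cap is what brings the claim back to SIL 3, which is why the report prints both numbers. Replace the PLC line with the real manufacturer data before using the result.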

Activation by FSoE

Safety Function                                   ISO 13849-1     IEC 62061   Maximum response time   Comment

STO                                               PLe, Cat.4      SIL 3       < 10 ms
SS1-t                                             PLe, Cat.4      SIL 3       < 10 ms                 followed by STO*
SS1-r                                             PLe, Cat.4**    SIL 3**     < 10 ms                 followed by STO*
SS2                                               PLe, Cat.4**    SIL 3**     < 10 ms                 followed by SOS
SOS, SSM, SSR, SCA, SDI, SLA, SLI, SLP, SLS, SAR  PLe, Cat.4**    SIL 3**     < 10 ms

*  = configured delay (time to STO), see AXIS#.SAFEPARAM.SS1_#.TIMETOSTO.
** = or PLd, Cat.3 / SIL 2: the level achievable for these functions is limited by the safe encoder.

Activation by Safety Functions

Safety Function        ISO 13849-1   IEC 62061   Maximum response time   Comment

SBC with one brake     PLd, Cat.3    SIL 2       < 10 ms                 needs to be configured for activation during the STO process
SBC with two brakes    PLe, Cat.4    SIL 3       < 10 ms                 needs to be configured for activation during the STO process
SDB single channel     PLd, Cat.3    SIL 2       < 10 ms                 needs to be configured for activation during the STO process
SDB dual channel       PLe, Cat.4    SIL 3       < 10 ms                 needs to be configured for activation during the STO process