SIEMENS
SINAMICS S150 NEMA
Engineering Information
Siemens D21.7
(Part 2) – 2015
Safety Integrated – Description of functions
(continued)
Safe Position (SP)
The SP function transfers the actual position values
determined safely in the drive over safe PROFIsafe
communication to a safety control.
Effect
In contrast to the SLP function that monitors the current
actual position value against a limit and, in the case of an
overshoot, activates a drive-integrated fault reaction, SP
transfers the current actual position values to the safety
control. Position monitoring is implemented in the safety
program of the control. Extended PROFIsafe telegrams are
available for transferring the position values. The position
values can be transferred in either 16-bit or 32-bit
resolution. A time stamp is also transferred with the
position values.
Application
The SP function can be used to create tailored safety
concepts. It is ideal for use on machines that require flexible
safety functions. It is extremely versatile and can be used,
for example, to implement safe, axis-specific range detection
by means of the Safe Cam (SCA) function. The SP function is
also suitable for developing cross-axis safety concepts,
multi-dimensional protection zones and zoning concepts.
Customer benefits
Position monitoring or speed monitoring is implemented
in the safety program of the control, so the user has the
flexibility to develop tailor-made safety functions. The
reaction to a limit overshoot must also be specified in
the safety program. While this requires more initial
programming work, it also makes it possible to initiate a
variety of different, situation-specific fault responses.
The principle of operation of Safety Integrated
Two independent switch-off signal paths
Two mutually independent switch-off signal paths are
provided. All switch-off signal paths are low active. This
therefore ensures that when a component fails or there is a
wire break, the system always transitions to the safe state.
When a fault is detected in the switch-off signal paths, the
“Safe Torque Off” or “Safe Stop 1” function (depending on
the parameterization, also refer to the table at the end of
this chapter) is activated and a restart is prevented.
Two-channel monitoring structure
All of the hardware and software functions important for
Safety Integrated are implemented in two mutually
independent monitoring channels (e.g. switch-off signal
paths, data management, data comparison). A cyclic data
cross-check is carried out on the safety-relevant data in the
two monitoring channels.
The monitoring functions in each monitoring channel are
based on the principle that before a particular action, there
must be a defined state, and after the action there must be
a specific feedback.
If this expectation is not fulfilled in a monitoring channel,
then the drive is shut down in both channels and an
appropriate message is output.
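A simplified model of the low-active, two-channel switch-off logic described above, added here as an illustration and not Siemens code. The state names, the discrepancy tolerance in cycles and the sample trace are assumptions made for this example.

```python
from dataclasses import dataclass

# State names are hypothetical labels for this model.
RUN = "RUN"
SAFE_STOP = "SAFE_STOP"                # torque removed on request
FAULT = "FAULT_RESTART_PREVENTED"      # fault reaction latched, no restart


@dataclass
class TwoChannelMonitor:
    """Cross-checks two independent, low-active switch-off channels."""
    tolerance_cycles: int = 2   # assumed number of cycles a mismatch is tolerated
    fault_latched: bool = False
    _mismatch: int = 0

    def cycle(self, ch1: int, ch2: int) -> str:
        """Evaluate one monitoring cycle.

        Low active: 1 permits torque, 0 requests switch-off. A broken wire
        or failed component reads as 0, so it lands in the safe state.
        """
        if self.fault_latched:
            return FAULT                      # restart stays prevented
        if ch1 != ch2:
            # Channels disagree: one of them already requests switch-off,
            # so torque is removed at once while the mismatch is timed.
            self._mismatch += 1
            if self._mismatch > self.tolerance_cycles:
                self.fault_latched = True     # cross-check failed
                return FAULT
            return SAFE_STOP
        self._mismatch = 0
        return RUN if ch1 == 1 else SAFE_STOP


def run_trace(samples, tolerance_cycles=2):
    """Feed (ch1, ch2) samples through a fresh monitor, return the states."""
    mon = TwoChannelMonitor(tolerance_cycles)
    return [mon.cycle(a, b) for a, b in samples]


# Constructed trace: run, commanded stop, run, then a wire break on channel 2
# that persists, followed by the wire being restored.
TRACE = [(1, 1), (0, 0), (1, 1), (1, 0), (1, 0), (1, 0), (1, 1)]

if __name__ == "__main__":
    for sample, state in zip(TRACE, run_trace(TRACE)):
        print(sample, state)
```

The last sample shows the point of the latch: restoring the signal after a detected channel fault does not return the drive to operation.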
Forced checking procedure using a test stop
In order to fulfill the requirements of EN ISO 13849-1 and
IEC 61508 with respect to early fault detection, the functions
and the switch-off signal paths must be tested within
a specific time period at least once to ensure that they are
operating correctly. This must be realized either cyclically
and manually or the test stop must be automatically initiated
as part of the process. The test stop cycle is monitored and
an alarm is issued if a test stop is not initiated within the
required time period. A test stop does not require a power
on. The process is acknowledged by deselection of the test
stop request.
Examples of execution of forced checking procedure
• When the drives are stationary after power-up of the system
• Before the protective door is opened
• In a specified rhythm (e.g. in an 8-hour cycle)
• In automatic mode, time-driven and event-driven