Application example 10/2015

Emergency Stop in PL e
SINUMERIK Safety Integrated
 Warranty and liability

Warranty and liability

Note The Application Examples are not binding and do not claim to be complete
regarding the circuits shown, equipping and any eventuality. The Application
Examples do not represent customer-specific solutions. They are only intended
to provide support for typical applications. You are responsible for ensuring that
the described products are used correctly. These application examples do not
relieve you of the responsibility to use safe practices in application, installation,
operation and maintenance. When using these Application Examples, you
recognize that we cannot be made liable for any damage/claims beyond the
liability clause described. We reserve the right to make changes to these
Application Examples at any time without prior notice.
If there are any deviations between the recommendations provided in these
application examples and other Siemens publications – e.g. Catalogs – the
contents of the other documents have priority.

We do not accept any liability for the information contained in this document.

Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
 Siemens AG Copyright year All rights reserved

Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,

body or health, guarantee for the quality of a product, fraudulent concealment of a
deficiency or breach of a condition which goes to the root of the contract
(“wesentliche Vertragspflichten”). The damages for a breach of a substantial
contractual obligation are, however, limited to the foreseeable damage, typical for
the type of contract, except in the event of intent or gross negligence or injury to
life, body or health. The above provisions do not imply a change of the burden of
proof to your detriment.

Any form of duplication or distribution of these Application Examples or excerpts

hereof is prohibited without the expressed consent of the Siemens AG.

Security Siemens provides products and solutions with industrial security functions that
informa- support the secure operation of plants, solutions, machines, equipment and/or
tion networks. They are important components in a holistic industrial security
concept. With this in mind, Siemens’ products and solutions undergo continuous
development. Siemens recommends strongly that you regularly check for
product updates.
For the secure operation of Siemens products and solutions, it is necessary to
take suitable preventive action (e.g. cell protection concept) and integrate each
component into a holistic, state-of-the-art industrial security concept. Third-party
products that may be in use should also be considered. For more information
about industrial security, visit http://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-
specific newsletter. For more information, visit
http://support.industry.siemens.com.

Short title of application

Entry-ID:109479356, 10/2015 2
 Table of contents

Table of contents
Warranty and liability .................................................................................................2 
1  Task ...................................................................................................................4 
2  Description of the safety function ...................................................................5 
2.1  Principle of operation of the safety functions .......................................5 
2.1.1  Emergency Stop in PL e for SINUMERIK 840D sl with
SINUMERIK Safety Integrated ............................................................5 
2.1.2  Emergency Stop in PL e for SINUMERIK 840D sl with
SINAMICS Safety Integrated Basic Functions .....................................6 
3  Determining the Performance Level ...............................................................7 
3.1  Emergency Stop in PL e for SINUMERIK 840D sl with
SINUMERIK Safety Integrated ............................................................7 
3.1.1  Block diagram ......................................................................................7 
3.1.2  Components used ...............................................................................8 
3.1.3  Calculation...........................................................................................8 
3.2  Emergency Stop in PL e for SINUMERIK 840D sl with
SINAMICS Safety Integrated Basic Functions .....................................9 
3.2.1  Block diagram ......................................................................................9 
3.2.2  Components used ...............................................................................9 
3.2.3  Calculation.........................................................................................10 
 Siemens AG Copyright year All rights reserved

Short title of application

Entry-ID:109479356, 10/2015 3
 1 Task

1 Task
In conjunction with Safety Integrated, SINUMERIK 840D sl/SINAMICS S120 safety
functions comply with Performance Level d.
The architecture requirements of category 4 can be achieved by using a safety
relay and power contactor as an additional switch-off signal path. This example
demonstrates that Performance Level e according to ISO 13849 can be achieved.
 Siemens AG Copyright year All rights reserved

Short title of application

Entry-ID:109479356, 10/2015 4
 2 Description of the safety function

2 Description of the safety function

As a general rule, a safety function consists of the subfunctions “Sensing”,
“Evaluating” and “Responding”. Safety sensors such as EMERGENCY STOP
buttons, position switches or light curtains, are part of the “Sensing” subfunction.
Safety relays or safety controls belong to the “Evaluating” subfunction, whereas
safety actuators such as contactors or drives with integrated safety functions
belong to the “Responding” subfunction.
Only two safety functions are considered in this application example.
 Emergency Stop in PL e for SINUMERIK 840D sl with SINUMERIK Safety
Integrated
 Emergency Stop in PL e for SINUMERIK 840D sl with SINAMICS Safety
Integrated Basic Functions

2.1 Principle of operation of the safety functions

2.1.1 Emergency Stop in PL e for SINUMERIK 840D sl with SINUMERIK
Safety Integrated
 Siemens AG Copyright year All rights reserved

In this example, the Emergency Stop pushbutton is wired to a 3SK safety relay
through two channels. If the Emergency Stop pushbutton is now actuated, this is
instantaneously signaled to the safety-relevant programmable logic of SINUMERIK
Safety Integrated via a safe input module. SINUMERIK 840D sl/SINAMICS S120
stops the drive with a STOP C/A.
Power contactors K1 and K2 disconnect the drive from the line supply with a
specific time delay.

Figure 2-1

Short title of application

Entry-ID:109479356, 10/2015 5
 2 Description of the safety function

2.1.2 Emergency Stop in PL e for SINUMERIK 840D sl with SINAMICS Safety

Integrated Basic Functions

In this example, the Emergency Stop pushbutton is wired to a 3SK safety relay
through two channels. If the Emergency Stop pushbutton is now actuated, the drive
is stopped using SS1 via terminals X122.4 and M on the NCU and EP +24V and
EP M; it is then switched into STO. Power contactor K1 disconnects the drive from
the line supply with a specific time delay.

Figure 2-2
 Siemens AG Copyright year All rights reserved

Short title of application

Entry-ID:109479356, 10/2015 6
 3 Determining the Performance Level

3 Determining the Performance Level

Both versions meet the architecture requirements in accordance with category 4.
In order to verify that Performance Level e is also fulfilled in accordance with ISO
13849-1, the reliability of the circuit and the components used must also be
determined.

3.1 Emergency Stop in PL e for SINUMERIK 840D sl with SINUMERIK

Safety Integrated

Based on the functionality of SINUMERIK Safety Integrated, PL d can be achieved

for the Emergency Stop function.
PL e for Emergency Stop is achieved using the 3SK safety relay as well as power
contactors K1 and K2.
As a consequence, SINUMERIK 840D sl is not included in the calculation of the
"Emergency Stop" safety function.
 Siemens AG Copyright year All rights reserved

3.1.1 Block diagram

Figure 3-1
Relay
B10d = 1.000.000

K1

I1 L1
Emergency stop Safety relay
button 3SK1121-.CB4.
3SB3 3,70 x 10-09
B10d = 100.000 K2
Relay
B10d = 1.000.000

Short title of application

Entry-ID:109479356, 10/2015 7
 3 Determining the Performance Level

3.1.2 Components used

A component from the 3SB3 range was used as Emergency Stop pushbutton with
a B10d value of 100,000.
-09
The 3SK safety relay has a PFH value of 3.70 x 10 .
A B10d value of 1,000,000 was used as basis for the power contactors.
When calculating the PFH value, for the safety function it was assumed that the
Emergency Stop pushbutton is actuated once a day.
The diagnostics coverage is 99%.

3.1.3 Calculation

With the assumptions made in Section 3.1.2, the following PFH values are
obtained for the individual components:

Designation in the Component PFH value

block diagram
 Siemens AG Copyright year All rights reserved

I1 Emergency Stop 2.47 x 10-08

pushbutton
L1 Safety relay 3.70 x 10-09
K1/K2 Power contactors 2.47 x 10-08

Total 5.31 x 10-08

Table 3-1

The safety function has an overall PFH value of 5.31 x 10-08 and therefore complies
with the requirements laid down for PL e.
Please refer to SET or the SISTEMA project for detailed calculations.

Short title of application

Entry-ID:109479356, 10/2015 8
 3 Determining the Performance Level

3.2 Emergency Stop in PL e for SINUMERIK 840D sl with SINAMICS Safety

Integrated Basic Functions

In this example, the Safety Integrated Basic Functions of SINAMICS are used for
STO (Safe Torque Off).
SINAMICS Safety Integrated Basic Functions comprise:
 Safe Torque Off (STO)
 Safe Stop 1 (SS1)
 Safe Brake Control (SBC)
In this example, it is assumed that a machine is equipped with one spindle and 4
servo axes. It was also assumed that all axes are equipped with single-axis motor
modules.
An NCU 730.3B PN of SINUMERIK 840D sl was used as basis.
It has to be verified that with the STO function integrated in the SINAMICS S120, in
conjunction with a safety relay and an additional power contactor, a PL e can be
achieved for the Emergency Stop.

3.2.1 Block diagram

 Siemens AG Copyright year All rights reserved

Figure 3-2
Relay
B10d = 1.000.000

K1

I1 L1

Emergency stop Safety relay

button 3SK1121-.CB4.
3SB3 3,70 x 10-09
B10d = 100.000 L2 L3 L4 L5 L6 L7
4,29 x 10-08
SINUMERIK 840D sl
NCU 730.3B PN
6FC5373-0AA30-0AA1
SINAMICS
PFH = 1,00 x 10-08
motor module
6SL312x-1xExx-xAx4
PFH = 1,00 x 10-08

3.2.2 Components used

A component from the 3SB3 range was used as Emergency Stop pushbutton with
a B10d value of 100,000.
The safety relay has a PFH value of 3.70 x 10-09.
A B10d value of 1,000,000 was used as basis for the power contactor.
The following SINUMERIK/SINAMICS components were used as basis:
5 x 6SL312x-1xExx-xAx4 (single axis module) PFH = 1.00 x 10-08
NCU 730.3 (6FC5373-0AA30-0AA1) PFH = 1.00 x 10-08

Short title of application

Entry-ID:109479356, 10/2015 9
 3 Determining the Performance Level

When calculating the PFH value, for the safety function it was assumed that the
Emergency Stop pushbutton is actuated once a day.
The diagnostics coverage is 99%.

3.2.3 Calculation

In accordance with information provided by the manufacturer and confirmed by the

BG-Institute for Occupational Safety and Health, the equivalent MTTFd value for
precisely this SINAMICS configuration (L2, L3, L4, L5, L6, and L7) is determined as
follows:

1
MTTFd =
PFHges x 50,5 x 8760

1
 Siemens AG Copyright year All rights reserved

=
6 x 1,00 x 10-08 x 50,5 x 8760

= 37,68 Jahre
Figure 3-3

Condition for achieving category 4 specified in ISO 13849-1: MTTFd >= 30 years

With the assumptions made in Section 3.2.2, the following PFH values are
obtained for the individual components:

Table 3-2
Designation in the block Component PFH value
diagram
I1 Emergency Stop pushbutton 2.47 x 10-08
L1 Safety relay 3.70 x 10-09
-08
Channel 1: K1 Channel 1: Power contactor 3.49 x 10
Channel 2: L2, L3, L4, L5, L6, Channel 2: SINUMERIK 840D
L7 sl/ SINAMICS S120

Total 6.33 x 10-08

The safety function has an overall PFH value of 6.33 x 10-08 and therefore complies
with the requirements laid down for PL e.
Please refer to SET or the SISTEMA project for detailed calculations.

Short title of application

Entry-ID:109479356, 10/2015 10