Auma Sa series User manual

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

SAEx 07.2 –SAEx 16.2/SAREx 07.2 –SAREx 16.2

with actuator controls

AC 01.2-SIL/ACExC 01.2-SIL

SIL version

Functional SafetyManual

NOTICE for use!

This document is only valid in combination with the current operation instructions enclosed with the device.

Purpose of the document:

The present documents informs about the actions required for using the device in safety-related systems in

accordance with IEC 61508 or IEC 61511.

Reference documents:

●Operation instructions (Assembly, operation, commissioning) for actuator

●Manual (Operation and setting) AUMATIC AC 01.2

●Manual (Device integration Fieldbus) AUMATIC AC 01.2/ACExC 01.2

●Technical data on multi-turn actuator and on actuator controls

Reference documents can be downloaded from the Internet (www.auma.com) or ordered directly from AUMA

(refer to <Addresses>).

Table of contents Page

41. Terminology............................................................................................................................ 41.1. Abbreviations and concepts

62. Application and validity......................................................................................................... 62.1. Range of application 62.2. Standards 62.3. Valid device types

73. Architecture, configuration and applications...................................................................... 73.1. Architecture (actuator sizing) 83.2. Configuration (setting)/version 93.3. Applications (environmental conditions)

114. Safety instrumented systems and safety functions........................................................... 114.1. Safety instrumented system including an actuator 114.2. Safety functions 124.3. Safe inputs and outputs 124.4. Redundant system architecture 134.5. Examples of applications 144.6. System representation

155. Installation, commissioning and operation......................................................................... 155.1. Installation 165.2. Commissioning 175.3. Operation 175.4. Lifetime 175.5. Decommissioning

186. Indications on display............................................................................................................ 186.1. Status indications on SIL functions 196.2. SIL configuration warning 196.3. Backlight

207. Signals..................................................................................................................................... 207.1. Signals via SIL module 207.2. SIL fault signal via standard controls display (for troubleshooting support)

Multi-turn actuators

Table of contents SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

217.3. Status signals via output contacts (digital outputs) of standard controls 217.4. Signal via fieldbus of standard controls

238. Tests and maintenance.......................................................................................................... 238.1. Safety equipment: check 238.2. Internal actuator monitoring with control via standard controls 238.3. Partial Valve Stroke Test (PVST): execute 248.4. Proof test (verification of safe actuator function) 258.4.1. Safe ESD safety operation (Safe OPENING/CLOSING) 268.4.2. SIL fault signal "Actuator monitoring": check 268.4.3. Safe ESD reaction for "Motor protection (thermal fault)" signals:check 278.4.4. Safe ESD reaction to "Limit seating with overload protection" (limit and/or torque eval-

uation): check 298.4.5. Safe ESD reaction to "Forced limit seating in end position" (limit evaluation) –for actu-

ators with electromechanical control unit: check 298.4.6. Safe ESD reaction for "Forced limit seating in end position" (limit evaluation) –for actu-

ators with electronic control unit and limit switches: check 308.4.7. Safe ESD reaction to "Forced torque seating in end position" (torque after limit evalu-

ation): check 318.4.8. Safe ESD reaction for "No seating" (no evaluation of limit and torque): check 328.4.9. Safe STOP function: check 338.4.10. Combination of Safe ESD and Safe STOP function: check 348.5. Maintenance

359. Safety-related figures............................................................................................................. 359.1. Determination of the figures 369.2. Specific figures for AC 01.2 controls in SIL version with actuators of SA.2 series

3910. SIL Certificate.........................................................................................................................

4011. Checklists............................................................................................................................... 4011.1. Commissioning checklist 4011.2. Proof test checklists 4011.2.1. Safe ESD safety operation (Safe OPENING/CLOSING) 4011.2.2. SIL fault signal "Actuator monitoring" 4111.2.3. Safe ESD reaction to "Motor protection (thermal fault)" signals 4211.2.4. Safe ESD reaction to "Limit seating with overload protection" (limit and/or torque eval-

uation) 4211.2.5. Safe ESD reaction to "Forced limit seating in end position" (limit evaluation) –for actu-

ators with electromechanical control unit 4311.2.6. Safe ESD reaction to "Forced limit seating in end position" (limit evaluation) –for actu-

ators with electronic control unit and limit switches 4411.2.7. Safe ESD reaction to "Forced torque seating in end position" (torque after limit evalu-

ation) 4411.2.8. Safe ESD reaction to "No seating" 4511.2.9. Safe STOP function 4611.2.10. Combination of Safe ESD and Safe STOP

49Index........................................................................................................................................

50Addresses...............................................................................................................................

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Table of contents

1. Terminology

Information sources ●IEC 61508-4, Functional safety of electrical/electronic/programmable electronic

safety-related systems –Part 4: Definitions and abbreviations

●IEC 61511-1, Functional safety - Safety instrumented systems for the process

industry sector –Part 1:Framework, definitions, system, hardware and software

requirements

1.1. Abbreviations and concepts

To evaluate safety functions, the lambda values or the PFD value (Probability of

Dangerous Failure on Demand) and the SFF value (Safe Failure Fraction) are the

main requirements.Further figures are required to assess the individual components.

These figures are explained in the table below.

Table 1: Abbreviations of safety figures

DescriptionFull expressionAbbrevi-

ation Number of safe failuresLambda Safe

λSNumber of dangerous failuresLambda Dangerous

λDNumber of undetected dangerous fail-

ures

Lambda Dangerous Undetected

λDU

Number of detected hazardous failuresLambda Dangerous Detected

λDD Diagnostic Coverage - ratio between

the failure rate of dangerous failures

detected by diagnostic tests and total

rate of dangerous failures of the com-

ponent or subsystem.The diagnostic

coverage does not include any failures

detected during proof tests.

Diagnostic CoverageDC

Mean time between the occurence

between two subsequent failures

Mean Time Between FailuresMTBF

Fraction of safe failures as well as of

detected hazardous failures

Safe Failure FractionSFF

Average probability of dangerous fail-

ures on demand of a safety function.

Average Probability of dangerous Fail-

ure on Demand

PFDavg

Ability of a functional unit to execute a

required function while faults or devi-

ations are present.HFT = n means that

the function can still be safely executed

for up to n faults occurring at the same

time.

Hardware Failure ToleranceHFT

Interval for proof testProof test intervalTproof

SIL Safety Integrity Level

The international standard IEC 61508 defines 4 levels (SIL 1 through SIL 4).

Safety function Function to be implemented by a safety-related system for risk reduction with the

objective to achieve or maintain a safe state for the plant/equipment with respect to

a specific hazardous event.

Safety instrumented

function (SIF) Function with specified safety integrity level (SIL) to achieve functional safety.

Safety instrumented

system (SIS) Safety instrumented system for executing a single or several safety instrumented

functions.An SIS consists of sensor(s), logic system and actuator(s).

Safety-related system A safety-related system includes all factors (hardware, software, human factors)

necessary to implement one or several safety functions. Consequently failures of

safety function would result in a significant increase in safety risks for people and/or

the environment.

A safety-related system can comprise stand-alone systems dedicated to perform a

particular safety function or can be integrated into a plant.

Multi-turn actuators

Terminology SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

Proof test Periodic test performed to detect dangerous hidden failures in a safety-related system

so that, if necessary, a repair can restore the system to an "as new" condition or as

close as practical to this condition.

MTTR (MeanTimeTo

Restoration) Mean time to restoration once a failure has occurred. Indicates the expected mean

time to achieve restoration of the system.It is therefore an important parameter for

system availability.The time for detecting the failure, planning tasks as well as

operating resources is also included.It should be reduced to a minimum.

MRT (Mean RepairTime) Mean repair time indicates the mean time required to repair a system.The MRT is

crucial when defining the reliability and availability of a system.The MRT should

preferably be small.

Device type (type A and

type B) Actuator controls can be regarded as type A devices if all of the following conditions

are met for all components required to achieve the safety instrumented function:

●The failure modes for all constituent components involved are well defined

●The behaviour under fault conditions can be completely determined.

●There is sufficient dependable failure data from the field to show that the claimed

rates of failure are met (confidence level min. 70 %).

Actuator controls shall be regarded as type B devices if one or several of the following

conditions are met:

●The failure of at least one constituent component is not well defined.

●The fault behaviour is not completely known.

●There is insufficient dependable failure data to support claims for rates of failure

for detected and undetected dangerous failures.

PTC (ProofTest Cover-

age) Proof test coverage describes the fraction of failures which can be detected by means

of a proof test.

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Terminology

2. Application and validity

2.1. Range of application

AUMA actuators and actuator controls in SIL version are intended for operation of

industrial valves and are suitable for use in safety instrumented systems in accordance

with IEC 61508 or IEC 61511.

2.2. Standards

Both actuators and actuator controls meet the following requirements:

●IEC 61508 ED.2: Functional safety of electrical/electronic/programmable elec-

tronic safety-related systems

2.3. Valid device types

The data on functional safety contained in this manual applies to the device types

indicated hereafter.

Table 2: Overview on suitable device types

Power supplyType MotorControlsActuator 3-phase AC currentAC 01.2 in SIL versionSA 07.2 –SA 16.2 3-phase AC currentAC 01.2 in SIL versionSAR 07.2 –SAR 16.2 3-phase AC currentACExC 01.2 in SIL versionSAEx 07.2 –SAEx 16.2 3-phase AC currentACExC 01.2 in SIL versionSAREx07.2 –SAREx16.2

Multi-turn actuators

Application and validity SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

3. Architecture, configuration and applications

3.1. Architecture (actuator sizing)

For actuator architecture (actuator sizing) the maximum torques, running torques

and operating times are taken into consideration.

Incorrect actuator architecture can lead to device damage within the safety-

related system!

Possible consequencescanbevalve damage,motor overheating,contactor jamming,

defective thyristors, heating up or damage to cables.

→The actuator technical data must imperatively be observed when selecting the

actuator.

→Sufficient reserves have to be provided to ensure that actuators are capable of

reliably opening or closing the valve even in the event of an accident or under-

voltage.

Architecture when using the Safe STOP function

Information For the Safe STOP function, the motor is switched off, overrun may possibly occur!

Valve damage due to overrun!

→For the Safe Stop function (SS), the overrun of the arrangement (actuator,

gearbox, valve) and the reaction time have to be observed.

→If the application requires self-locking of the actuator, please consult AUMA.

Architecture when using the Safe ESD function

Actuators with electromechanical control unit:

End position signalling (limit switching) and torque signalling via the electromechanical

control unit are safe signals which may be integrated into a safety-related system.

For "SIL seating" = "no seating" (without end position protection), we recommend:

●To prevent valve damage during safety operation, we recommend, depending

on the stiffness, sizing the valve to 3 –5 times the maximum actuator torque.

●To avoid thermal damage due to excessive currents, we recommend monitoring

(assessing) the motor protection.

Actuator with electronic control unit MWG:

Information End position signalling (limit switching) and torque signalling via the electronic control

unit MWG are not considered as safe signals.

●In case safe signals are required, they have to be implemented differently, e.g.

using switches on the valve.

●To prevent valve damage during safety operation, we recommend, depending

on the stiffness, sizing the valve to 3 –5 times the maximum actuator torque.

●To avoid thermal damage due to excessive currents, we recommend monitoring

(assessing) the motor protection.

Actuators with electronic control unit MWG including limit switches:

Information In this version, safe signalling can exclusively be ensured via limit switches.

For "SIL seating" = "no seating" (without end position protection), we recommend:

●To prevent valve damage during safety operation, we recommend, depending

on the stiffness, sizing the valve to 3 –5 times the maximum actuator torque.

●To avoid thermal damage due to excessive currents, we recommend monitoring

(assessing) the motor protection.

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Architecture, configuration and applications

Information For "SIL seating" = "forced limit seating in end position", the seating is performed

via limit switches in the end position.Since each switch has a hysteresis, the actuator

leaves the end position prior to limit switch release.Consequently, there is a marginal

range of actuator positions to the safety position, for which the limit switch is still

operated when leaving the safety position while the Safe ESD function is NOT

available. In this case, safety function triggering leads to actuator standstill. If the

range in question is approached from the opposite direction, this limitation does not

apply.In general this range is relatively low.However, for unfavourable configurations

(low number of turns per stroke), this range can amount to more than 10 % of the

total stroke.

Should within the framework of unfavourable conditions the effect described above

represent an unacceptable limitation for the safety function, we recommend applying

the configuration "forced torque seating in end position" or "no seating" for safety

operation.

Power supply

Information The plant operator is responsible for power supply.

3.2. Configuration (setting)/version

Configuration (setting) of safety-related functions is adjusted in the factory during

controls assembly and validated during final inspection. Subsequent modification of

the configuration by the plant operator is not permissible.

General functions are set as described in the Operation instructions or the Manual

(Operation and setting) AUMATIC AC 01.2.

Configuration of safety-related functions is listed in the order-related technical data

sheet.

Configuration options for safety function

Table 3: Configuration options for safety function

Short descriptionConfiguration

SIL function Safe CLOSINGSafe ESD CLOSE/CLOSE Safe OPENINGSafe ESD OPEN/OPEN Safe STOP in direction CLOSE and direction OPENSafe STOP CLOSE/OPEN Safe CLOSING and Safe STOP in direction CLOSE

and direction OPEN

Safe ESD CLOSE/CLOSE + Safe

STOP CLOSE/OPEN Safe OPENING and Safe STOP in direction CLOSE

and direction OPEN

Safe ESD OPEN/OPEN + Safe

STOP CLOSE/OPEN

Seating configuration options

Information Seating of standard actuator controls should be configured as set forth in the tables

below.

Multi-turn actuators

Architecture, configuration and applications SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

Table 4: For actuators with electromechanical control unit:

Configuration

Type of seating

Standard controls

Short descriptionConfiguration

SIL seating type

Freely selectableNo seating by limit or torque switches dur-

ing safety operation

1: No seating

Torque seatingSafety operation is stopped if both limit and

torque switches trip simultaneously

2:Forced torque seat-

ing in end position Limit seatingSafety operation is stopped by limit switch

tripping

3: Forced limit seating

in end position Limit seatingSafety operation is stopped by tripping the

limit switches and/or the torque switches

(overload protection).

4: Limit seating with

overload protection

Table 5: For actuators with electronic control unit MWG

Configuration

Type of seating

Standard controls

Short descriptionConfiguration

SIL seating type

Freely selectableNo seating by limit or torque switches dur-

ing safety operation

1: No seating

Table 6: For actuators with electronic control unit MWG including limit switches

Configuration

Type of seating

Standard controls

Short descriptionConfiguration

SIL seating type

Limit seatingSafety operation is stopped by limit switch

tripping

3: Forced limit seating

in end position

Configuration options for motor protection assessment

Table 7: Configuration options for motor protection assessment

Short descriptionConfiguration

SIL motor protection Tripping of the motor protection (thermal fault) stops or prevents safety

operation

Active

Motor protection has no impact on the safety operationInactive

Information "SIL motor protection" = "inactive" configuration is only set if explicitly required.The

version does not meet the Ex approval requirements.

3.3. Applications (environmental conditions)

When specifying and using the actuators within safety instrumented systems, make

sure that the permissible service conditions and the EMC requirements by the

peripheral devices are met.Service conditions are indicated in the technical data

sheets:

●Enclosure protection

●Corrosion protection

●Ambient temperature

●Vibration resistance

If the actual ambient temperatures exceed an average of +40 °C, the lambda values

have to be incremented by a safety factor. For an average temperature of +60 °C,

this factor is specified to 2.5.

For environmental test, actuator and actuator controls were subjected to the following

standards:

●Dry heat: EN 60068-2-2

●Damp heat: EN 60068-2-30

●Cold: EN 60068-2-1

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Architecture, configuration and applications

●Vibration test: IEC 60068-2-6

●Induced seismic vibration (earthquake): IEC 68-3-31)

●Enclosure protection test IP68: EN 60529

●Salt spray test: EN ISO 12944-6

●Immunity requirements: EN 61326-3-1

●Emission: EN 61000-6-4

1) Thyristor version only

Multi-turn actuators

Architecture, configuration and applications SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

4. Safety instrumented systems and safety functions

4.1. Safety instrumented system including an actuator

Typically, a safety instrumented system including an actuator is composed of the

components as shown in the figure.

Figure 1:Typical safety instrumented system

[1] Sensor

[2] Controls (standard and safety PLC)

[3] Actuator with actuator controls

[4] Valve

[5] Process control system

Thesafetyintegrity level is alwaysassigned to an overall safety instrumented system

and not to an individual component.

For an individual component (e.g. an actuator), safety instrumented figures are

determined.These figures are used to assign the devices to a potential safety integrity

level (SIL).The final classification of the safety instrumented system can only be

made after assessing and calculating all subsystems.

4.2. Safety functions

In calculating the safety actuator figures, the following safety functions are taken into

account:

●Safe ESD function (Emergency Shut Down): Safe OPENING/CLOSING

-Redundant Safe ESDa and Safe ESDb signals (standard:low active) make

the actuator travel to the configured direction (OPEN/CLOSE).

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Safety instrumented systems and safety functions

●Safe STOP function: Safe STOP

-Anoperationcommand ofstandard controls(in directionsOPEN or CLOSE)

will only be executed if an additional enable signal for the operation com-

mand is applied.

-If this is not the case, operation in directions OPEN or CLOSE is stopped

or even suspended (motor is switched off).

●Safe ESD function combined with Safe STOP function

-Safe ESD function has a higher priority i.e.if both functions are activated,

the actuator is operated into the configured direction (OPEN/CLOSE).

The different configuration options of the safety functions are described in the

<Configuration (setting)/version> chapter.

4.3. Safe inputs and outputs

Safe inputs for Safe OPENING/CLOSING (Safe ESD function):

●Safe ESDa

●Safe ESDb

Safe inputs for safe stop (Safe STOP function):

●Safe STOP OPEN

●Safe STOP CLOSE

Safe outputs (indication that it might not be possible to perform the safety function:

●SIL failure

●SIL ready

For detailed information on safe inputs and outputs, refer to <Configuration

(setting)/version> chapter and <Installation> chapter.

4.4. Redundant system architecture

Besides the already described typical safety instrumented system including an

actuator, safety can be increased by integrating a second, redundant valve and

actuator with actuator controls in SIL version into the safety instrumented system.

The decision on the correct version depends on the entire system.With the redundant

system architecture shown below, actuator and actuator controls achieve SIL 3 in

accordance with IEC 61508.

Figure 2: Redundant system with Safe ESD for Safe CLOSING

Multi-turn actuators

Safety instrumented systems and safety functions SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

Figure 3: Redundant system with Safe ESD for Safe OPENING

4.5. Examples of applications

Safe OPENING of a pressure vessel using the Safe ESD function

The standard PLC controls the entire system. A system fault occurs if excessive

pressure is generated within the system.In this case, the safety PLC immediately

opens the valve for safe pressure relief.

Figure 4: Application example:Pressure vessel

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Safety instrumented systems and safety functions

Safe stop of locks to prevent destruction using the Safe STOP function.

Operationsafety(preventing hazardsto persons and systems) is of utmost importance

for locks.Once the lock closes, no boats must be between the gates.Otherwise, the

Safe STOP function (e.g. via EMERGENCY Stop button) is executed.

Figure 5: Application example: Lock

4.6. System representation

The representation below shows the simplified design of an AC 01.2/ACExC 01.2

in SIL version.

Figure 6: Simplified system representation

Multi-turn actuators

Safety instrumented systems and safety functions SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

5. Installation, commissioning and operation

Information Installation and commissioning have to be documented by means of an assembly

report and an inspection certificate.Installation must be carried out exclusively by

suitably qualified personnel.

The plant operator is responsible for ensuring power supply protection against

overvoltage and undervoltage during execution of a safety function.

5.1. Installation

General installation tasks (assembly, electrical connection) have to be performed

according to the operation instructions pertaining to the device and the enclosed

order-specific wiring diagram.

When operating and storing the devices in ambient temperatures below –25 °C,

ensure power supply of integral heating system.

Safety functions are connected via the SIL module integrated in the AC 01.2/ACExC

01.2 actuator controls.

SIL fault must be connected to a SIL 2 compatible input of a safety PLC and

subsequently analysed.

Figure 7: Connections for safety functions via SIL module

[1] Connections for parallel control

[2] Connections for fieldbus control

Input switching behaviour of Safe ESDa/ESDb and Safe STOP

OPEN/CLOSE:

●Input level = high level (standard: +24 V DC)

= No safety operation for Safe ESD function or

= No safe stop for Safe STOP function

●Input signal = low level (0 V DC or input open)

= Failure operation for Safe ESD function or

= Safe stop for Safe STOP function

Permissible input voltage range:

●High level: 15 –30 V DC

●Low level: max. 5 V DC

Signal behaviour of SIL ready and SIL failure outputs:

●SIL ready (signal inactive), i.e.:

NO (NO contact) output = closed

NC (NC contact) output = open

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Installation, commissioning and operation

●SIL failure (signal active), i.e.:

NO (NO contact) output = open

NC (NC contact) output = closed

Customer connections for controlSignalDesignation

Wiring diagram [2] Fieldbus[1] Parallel XK 3XK 31Digital input for Safe ESD functionSafe ESDa XK 5XK 32Redundant input for Safe ESD functionSafe ESDb XK 7XK 33Reference potential for Safe ESDa and Safe ESDb0 V XK 8XK 35Digital input for Safe STOP function in direction CLOSESafe STOP CLOSE XK 9XK 37Reference potential for Safe STOP CLOSE0 V XK 10XK 36Digital input for Safe STOP function in direction OPENSafe STOP OPEN XK 11XK 38Reference potential for Safe STOP OPEN0 V XK 15XK 40NO contact of SIL fault signalSIL ready XK 14XK 39NC contact of SIL fault signalSIL failure XK 16XK 42Reference potential for SIL fault signalCom.

SIL fault displayed via SIL failure output

DescriptionFault causes

SIL Motor protection trippedThermal fault Torque fault in directions OPEN and/or CLOSETorque fault Current position feedback is outside permissible range.Fault position feed-

back One phase of power supply is missing.

Controls are not supplied with mains voltage

Phase failure

The phase conductors L1, L2 and L3 are connected in the wrong sequence.Phase sequence

fault The safety-related part of controls is without power supply.Power supply failure Temperature within controls housing too high

Failure of heating system for ambient temperatures below –25 °C

Temperature fault

Actuator of valve lockedFailure of actuator

monitoring Both signals Safe ESDa and Safe ESDb are not simultaneously on the same level.Fault in redundant

wiring Safe ESD Internal error of the SIL moduleInternal error

For further information on SIL faults and in particular to assist in troubleshooting,

refer to chapter <Indications>.

Information The basic function "automatic correction of direction of rotation" is not available for

this version.When connecting the power supply ensure that phases L1, L2 and L3

are correctly connected. For checking the direction of rotation, refer to operation in-

structions pertaining to the actuator.

The "external supply of electronics" option of the actuator controls refers to standard

actuator controls.In case of mains failure, the SIL module would no longer be

operable despite external supply of the electronics.

5.2. Commissioning

The operation instructions pertaining to the device must be observed for general

commissioning.

Information For the Safe ESD function, operation into the safe position can be performed irre-

spective of the selector switch position (LOCAL - OFF - REMOTE) or the operating

status.Even in positions LOCAL and OFF or at system start, can the actuator start

by triggering the safety function.

Multi-turn actuators

Installation, commissioning and operation SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

Risk of immediate actuator start when switching on if the motor/handwheel

locking device was removed while the motor was in disengaged position!

Risk of personal injuries or damage to the valve

→Ensure that high level is present at the Safe ESDa/ESDb inputs when

switching on (standard: +24 V DC).

If the actuator is operated over a longer period (for several hours) while the

motor is disengaged, this entails considerable wear of the actuator.Worst

case would be accidental start-up or even destruction of the actuator.

On delivery, the motor is disengaged to prevent accidental start-up of the actuator

as well as consequential personal injuries or damage to the valve.

If the actuator is connected to 3-phase AC current without high level is present at

the Safe ESDa/ESDb inputs (default: +24 V DC), the motor will start without any

movement at the output drive.

→Operational actions have to be provided ensuring that the described state only

persists for a short time, i.e.a few minutes at the maximum.

→Remove the motor locking device prior to commissioning. It must only be used

for a short time during proof test.

After commissioning, the safe actuator function must be verified. Refer to <Proof

test> chapter.

5.3. Operation

Regular maintenance and device checks in determined Tproof intervals are the basis

for safe operation.The figures indicated in the <Safety figures> chapter are valid for

Tproof = 1 year.

For operation, both the pertaining operation instructions and the Manual (Operation

and setting) AUMATIC AC 01.2 have to be observed.

In case of possible failures or defects of the safety system, safe function must be

guaranteed by introducing alternative actions.Furthermore, a detected fault including

fault description has to be sent to AUMA Riester GmbH & Co. KG. Autonomous

repair work by the plant operator is not permitted.

5.4. Lifetime

Lifetime of actuators is described in the technical data sheets or the operation

instructions.

Safety-related figures are valid for the cycles or modulating steps defined in the

technical data specifications for typical periods of up to 10 years (the criterion

achieved first is valid). After this period, the probability of failure increases.

5.5. Decommissioning

When decommissioning an actuator with safety functions, the following must be

observed:

●Impact of decommissioning on relevant devices, equipment or other work must

be evaluated.

●Safety and warninginstructionscontained in the actuator operation instructions

must be met.

●Decommissioning must be carried out exclusively by suitably qualified personnel.

●Decommissioning must be recorded in compliance with regular requirements.

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Installation, commissioning and operation

6. Indications on display

This section contains indications of standard controls only available in SIL version .

General indications as well as settings and operation are described in the pertaining

operation instructions and in the Manual (Operation and setting) AUMATIC AC 01.2.

Information Indications on the display are not part of a safety function!They must not be integrated

in a safety-related system!

The indications support the user on site at the device, making the safety function

status easily discernible.

6.1. Status indications on SIL functions

Actuator controls may indicate status information on safety-related functions on the

display.

SIL status (S0013)

Indication S0013 signals the safety function and the SIL fault indication status.

If the SIL symbol is shown in the header of the display, one of the following three

indications is active:Safe ESD, Safe STOP or SIL fault.

Figure 8: Safety function and SIL fault indication status

StatusStatus indications on

display SafeESD function (SafeOPENING/CLOSING) is active:Actuator

is operated in the configured direction (CLOSE/OPEN) (inputs

Safe ESDa/Safe ESDb = 0 V or open)

Safe ESD

Safe STOP function is active, actuator stops (Safe STOP

OPEN or Safe STOP CLOSE = 0 V or open inputs)

Safe STOP

SIL fault signal active, i.e. possible problems when executing a

safety function (Safe ESD or Safe STOP).

SIL fault

Warnings (S0005)

Indication S0005 shows the numbers of warnings having occurred.

In case a SIL fault occurs, the SIL fault message is listed in indication S0005. Refer

to Details > Status for further details.

Figure 9:Warning: SIL fault

Not ready REMOTE (S0006)

Indication S0006 shows the number of occurring messages which are part of the

Not ready REMOTE group.

If a safety function is active (Safe ESD or Safe STOP), the indication is listed in the

SIL function active Not ready REMOTE group. Refer to Details > Status for further

details.

Multi-turn actuators

Indications on display SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

Figure 10: Signal: Safety function active

Information As soon as a safety function is active (SIL function active indication), the actuator is

controlled via the safety PLC and the SIL module. For “normal control”(standard

PLC), controls are therefore “Not ready REMOTE”.

6.2. SIL configuration warning

In combination with the safety functions, the following configurations or settings of

standard controls may have an impact on the standard functions:

●Self-retaining Local M0076 = OPEN/CLOSE

●Self-retaining Remote M0100 = OPEN/CLOSE

If one of these configurations is selected in the standard controls, the device generates

the SIL config. warning.

6.3. Backlight

In standard operation, display backlight of actuator controls is white. In the event of

a fault, the display backlight is red.The red backlight does NOT refer to the safety

function status but to the faults referred to as "faults" in the Manual (Operation and

setting) AUMATIC AC 01.2.

Multi-turn actuators

SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2 Indications on display

7. Signals

7.1. Signals via SIL module

The integrated SIL module signals a SIL fault via an output contact (SIL ready

or SIL failure outputs). Only these signals may be used in a safety-related

system.

For the signal behaviour of the SIL ready/SIL failure outputs, refer to

<Installation> chapter.

Once a SIL fault occurs, the system has to be checked immediately and the

installation has to be put in a safe state, if required.

7.2. SIL fault signal via standard controls display (for troubleshooting support)

If the SIL module output contact (SIL ready or SIL failure outputs) signals

a SIL fault, the exact fault can be determined via the indication in the standard controls

display.For details on all fault indications and warning indications on the standard

controls display, refer to Manual (Operation and setting) AUMATIC AC 01.2.

The SIL module output contact serves as collective signal for the faults listed in the

table below.

Table 8: Individual signals of SIL fault collective signal

Impact on safety function

→Remedy

Description/

cause of fault

Indication on display

Standard controls For version “SIL motor protection”= active:

●The Safe ESD safe function cannot be executed.

●If the fault is triggered during safety operation, operation is

stopped.

Remedy

→Cool down, wait.

Motor protection tripped.

Thermal fault

For “SIL seating”= “"Limit seating with overload protection”

configuration:

●The Safe ESD safe function cannot be executed.

●If the fault is triggered during safety operation, operation is

stopped.

Remedy

→Execute operation command in opposite direction.

→Verify torque switching setting.

→Check whether foreign object prevents the valve from closing.

→Possibly problems with the valve.

Torque fault in directions

CLOSE or OPEN

Torque fault in directions

CLOSE and OPEN (simultan-

eously).

Torque fault CLOSE

Torque fault OPEN

For configurations “SIL seating”= “Limit seating with overload

protection”, “SIL seating”=“Forced limit seating in end posi-

tion”, or “SIL seating”=“Forced torque seating in end position”:

●The Safe ESD safe function cannot be executed.

●If the fault is triggered during safety operation, operation is

stopped.

Remedy

→Verify reduction gearing settings within the actuator.

→In case of possible defect at the actuator: Contact AUMA service

Current position feedback sig-

nal range is outside the per-

missible range.

Both limit switches (OPEN and

CLOSED) are operated simul-

taneously.

Possibly defect at actuator

mechanics.

Wrn range act.pos.

●The Safe ESD safe function cannot be executed.

●The Safe STOP safe function is indirectly executed as the motor

is no longer supplied with power.

Remedy

→Test/connect phases.

One phase of power supply is

missing.

Controls are not supplied with

mains voltage

Phase fault

In case of wrong phase sequence, the actuator is operated into the

wrong direction during safety operation.

Remedy

→Correct the sequence of the phase conductors L1, L2 and L3 by

exchanging two phases.

The phase conductors L1, L2

and L3 are connected in the

wrong sequence.

Incorrect phase seq

Multi-turn actuators

Signals SA 07.2 –SA 16.2/SAR 07.2 –SAR 16.2

Other manuals for SA Series

This manual suits for next models

Table of contents

Popular Controllers manuals by other brands

Ametek

Ametek ZF2 SCR Series Instruction, Operation and Maintenance Manual

ICD

ICD NeoGCP3 user manual

Penn

Penn A19 Series Mounting and installation

Ricoh

Ricoh Interactive Whiteboard Controller Type 1 operating instructions

RIB

RIB T2-CRX Simplified instructions

Ruckus Wireless

Ruckus Wireless SmartZone 100 Quick setup guide

Megmeet

Megmeet MC200E Series Quick start user manual

EUCHIPS

EUCHIPS EUP40D-1HMC-0 manual

Honeywell

Honeywell HercuLine 2000 Series quick start guide

Mitsubishi Electric

Mitsubishi Electric MELSERVO-J5 MR-J5-G Series user manual

MHG Heating

MHG Heating ProCon Boiler Controller Quick reference guide

opticis

opticis IPVDS-500-ED user manual

Salda

Salda Stouch Technical manual

AAON

AAON AA-HB-TGD-01F Technical guide

Chore-Time

Chore-Time SUPER-Selector PT 40866 Installation and operation manual

Rohde & Schwarz

Rohde & Schwarz SpycerBox Cell Important information

Fisher

Fisher 4660 instruction manual

Mitsubishi Electric

Mitsubishi Electric MELSEC iQ-F Series Quick connection guide

AUMA SA Series User manual

Popular Controllers manuals by other brands