Contrinex YRB-4EML-31S Instructions for use
SAFETY RELAY APPLICATION
Application manual for YRB-4EML-31S safety relay
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 2
Designation:
Revision:
Order No.:
SAFETYRELAYAPPLICATION
02 / 13.07.2016
605-000-728
This manualis valid for:
YRB-4EML-31S from Contrinex
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 3
Pleaseobserve the following notes
User group of this manual
The use of products described in this manual is oriented exclusively to:
–Qualified electriciansor persons instructedby them, who are familiar with applicable
standards and other regulationsregardingelectricalengineeringand, in particular,the
relevantsafety concepts.
–Qualified application programmersand software engineers, who are familiar with the
safety concepts of automationtechnology and applicable standards.
Explanation of symbols used and signal words
Thisis the safetyalert symbol. It isused to alert you to potentialpersonalinjury
hazards. Obey all safety measures that follow this symbol to avoid possible
injuryor death.
There are three different categories of personal injury that are indicated with a
signal word.
DANGER This indicates a hazardoussituationwhich, if not avoided, will
resultin death orserious injury.
WARNING This indicates a hazardous situation which, if not avoided, could
resultin death orserious injury.
CAUTION This indicates a hazardous situation which, if not avoided, could
resultin minor or moderate injury.
This symbol together with the signal word NOTE and the accompanying text
alert the reader to a situation which may cause damage or malfunction to the
device,
hardware/software,
or surrounding property.
This symbol and the accompanying text provide the reader with additional
informationor refer to detailed sources of information.
How to contact us
Internet Up-to-date
information
onContrinexproductsand ourTermsand Conditionscan be found
on the Internetat:
www.contrinex.com
Subsidiaries If there are any problems that cannot be solved using the documentation,pleasecontact
your Contrinex subsidiary.
Subsidiary contact informationis availableat www.contrinex.com.
Published by CONTRINEX SA
André-Piller 50
1762 Givisiez
SWITZERLAND
Should you haveany suggestions orrecommendations forimprovement
of
the
contentsand
layout of our manuals, please send your comments to:
info@contrinex.com
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 4
General terms and conditions of use for technical docum
e
ntat
i
o
n
Contrinex reserves the right to alter, correct, and/or improve the technical
documentation and the products described in the technical documentation at its own
discretion and withoutgivingprior notice, insofaras this is reasonablefor the user. The
same applies to any technical changes thatserve the purpose of technical progress.
The receipt of technical documentation (in particular user documentation) does not
constitute any further duty on the part of Contrinex to furnish informationon
modifications
toproductsand/ortechnical
documentation. You
areresponsibleto
verify
the suitabilityand
intended use of the products in your specific application, in particularwith regard to
observing the applicable standards and regulations.All informationmade availablein the
technical data is supplied without any accompanying guarantee,whether expressly
mentioned,implied or tacitly assumed.
In
general,
theprovisionsofthecurrentstandardTermsandConditionsof Contrinex apply
exclusively,in particular as concerns any warranty liability.
This manual, including all illustrationscontained herein, is copyright protected. Any
changes to the contents or the publication of extracts of this document is prohibited.
Contrinex reserves the right to register its own intellectual property rights for the product
identificationsofContrinexproducts that
are
used
here. Registration
ofsuch intellectual
property rights by third parties is prohibited.
Otherproduct identificationsmay be affordedlegalprotection,evenwheretheymaynotbe
indicated as such.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 5
Table of contents
1 Introduction..................................................................................................................................................... 7
1.1 Target group for this application manual................................................................................................ 7
2 Safety of machines and systems ..................................................................................................................... 9
2.1 Functional safety ................................................................................................................................... 10
2.2 Practical procedure according to EN ISO
13849
................................................................................... 10
2.2.1 Definition of the safety function ................................................................................................... 10
2.2.2 Determination of the required performance level (PL
r
)
.............................................................. 11
2.2.3 Technical implementation............................................................................................................. 11
2.2.4 Dividing the safety function into subsystems ................................................................................ 12
2.2.5 Determination of the achieved PL for each subsystem................................................................. 12
2.2.6 Determination of the achieved PL for the overall safety function................................................ 14
2.2.7 Verification of the achieved PL...................................................................................................... 14
2.2.8
V
alidatio
n
...................................................................................................................................... 14
2.3 Practical procedure according to EN ISO
62061
................................................................................... 15
2.3.1 Specification of requirements for the safety-related control function (SRCF)............................... 15
2.3.2 Determination of the required safety integrity level
(SIL)
............................................................ 15
2.3.3 Drafting the safety-related electrical control system ................................................................... 15
(SRECS) .......................................................................................................................................................... 15
2.3.4 Determination of the achieved safety integrity for the entire SRECS........................................... 16
2.3.5 Verification of the achieved SIL...................................................................................................... 16
2.3.6
V
alidatio
n
...................................................................................................................................... 17
3 Safety technology basics ............................................................................................................................... 18
3.1 Cross-circuit detection .......................................................................................................................... 18
3.2 Maximum cable lengths ........................................................................................................................ 19
3.3 Stop ....................................................................................................................................................... 20
4 Application examples for YRB-4EML-31S safety relay .................................................................................. 22
4.1 Emergency stop..................................................................................................................................... 22
4.1.1 YRB-4EML-31S up to PL c/SIL
1
...................................................................................................... 23
4.1.2 YRB-4EML-31S up to PL d/SIL
2
..................................................................................................... 25
4.2 Light curtain (ESPE)................................................................................................................................ 27
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 6
4.2.1 YRB-4EML-31S up to PL e/SIL
3
..................................................................................................... 28
4.3 Movable guards..................................................................................................................................... 30
4.3.1 YRB-4EML-31S up to PL d/SIL
2
..................................................................................................... 31
4.6 Contact extension/forcibly guided contacts.......................................................................................... 33
A Appendix for document lists ......................................................................................................................... 34
A 1 Explanation of terms .................................................................................................................................. 34
A 1 Case studies –connection to a PLC ........................................................................................................... 36
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 7
1 Introduction
Theterm“safety” derivesfromLatin
and
refers
to
astatethatisfreefrom
unacceptablerisks.
This fundamental human requirementis also enshrined in basic EUlaw.
The safety of machinesand systemsmainly depends on the correct application of
standards and directives. In Europe, the basis for this is the Machinery Directive, which
provides standard specifications to support companies when designing safety-related
machines. The
aimisto
eliminate barriers
to
tradewithin
the
EU.
However,
even
outsidethe
European
Economic
Area, manyEuropean standards are gaining
in
importance
duetotheir
internationalstatus.
Thefact that thesafetyof
machines
and
systems
notonlydepends onthe components and
technologies used, but is mainlyaffected by the “human”factor is no surprise.
1.1 Target group for this application manual
This manual is aimed at all designers of safety controllers.This manual should provide a
simple introduction to the technology of safety-relatedmachines and systemsand an
overviewof safety technology basics. You mustalways ensure you are familiar with the
directives, standards, and regulations relevant to the field of application.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 8
1.3 Symbols used
Emergencystop
AOPD light curtain
Movable guard
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 9
2 Safety of machines and systems
In modern industrial production, the amount of complex technical equipment used is
constantly increasing. The purpose of safety technology is to reduce the risk to people,
working animals,the environment,and machinesas far as possible, and to at least a
reasonabledegree. The availabilityof production equipmentshould not be restricted any
more than is absolutelynecessary.
Safetyis
relative.
Thereisno suchthingasanabsolutelysafemachine.
However,
sincethe
opening of the Europeansingle market, manufacturersand operators of machinesand
technical equipment are legally bound to observe Europeandirectives for the design and
operation of machines and systems.
When adhering to harmonized standards (assumed effect), which apply to a machine or
piece of technical equipment, it is assumed that they comply with legal regulationswhen
launched.
The Machinery Directiveis one of the most important single market directives. It is of such
importance because machineconstruction is one of the industrial mainstays of the
EuropeanEconomic Area. The Machinery Directive defines the requirementsmachinery
must meet before it can be placed on the market and operated in the EuropeanEconomic
Area.It also contains essential health and safety requirementsfor the planningand
construction of machinery and safety components.
Everymachine or system poses a risk. According to the requirements of the Machinery
Directive, a risk assessment must be carriedout for every machine.
If the risk is greater than the level of risk that can be tolerated,risk reduction must be
implemented.
Standard EN ISO12100 “Safetyof machinery - General principles for design - Risk
assessmentand risk reduction” describes the risks to be considered and the general
principles for design to reduce risk, and describes risk assessmentand risk reduction as a
repetitiveprocess to achieve safety. All phases in the life of the machine are therefore
assessed.
Procedure
Design-related
measures
All
implemented?
Safety
measures
All
implemented?
Organization
Risk
Figure1 Risk reduction in machines
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 10
2.1 Functional safety
Safety-related parts of machine control systems are frequently assigned to provide safety
functions. The contribution to the overall risk reduction of machinery by the safety-related
parts of a control system is determined according to EN ISO 12100.
Inordertoachievethenecessary
functional
safetyof a
machine
orsystem,itis
essential
for
the safety-relatedparts of the safety equipment and control devices to operatecorrectly
and, in the event of failure, for the system to remain in the safe state or enter a safe state.
The requirementsfor achieving functionalsafety are based on the following objectives
:
–Avoidance of systematicerrors
–Control of systematicerrors
–Control of random faults or failures
The requirementsof the safety-relatedparts of a machinecontrol system are specified in
EN ISO 13849 (and EN 62061).Thestandardspecifiesthevarioussafetylevelsintheform
of the “performance level”(and “safety integritylevel” (SIL)) for the safety-related parts
according to the degree of risk and describes the characteristicsof the safety functions.
2.2 Practical procedure according to EN ISO
13849
In practice, the following steps have proven effective when designing safe controllers
according to EN ISO 13849.
2.2.1 Definition of the safety function
The safety functions must be defined first. This informationis derived from the risk
assessment.
Example:
Trigger event: Opening the safety door.
Response: The robot drive is set to a safe stop state. The power
semiconductor pulses are disabled.
Safe state: Powercircuit has no power.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 11
S1
2.2.2 Determination of the required performance level (PL
r
)
The PLr is determined in combination with the safety function within the framework of the
higher-levelrisk assessment.For each safety function, the required PLr is estimatedusing
the risk graph below.
Low
risk
Start
P1
F1
S1
P2
P1
F2
P2
P1
F1
P2
P1
F2
P2
a
b
Required
c
performance
level
d
e
High
risk
Figure2 Risk graph(according to EN 13849-1)
Meaning of individualparameters:
S: severity of injury
S1 Slight (normally reversible)
injury
S2 Serious (normally irreversible)injury
F: frequency and duration of exposure to the hazard
F1 Seldom to not very frequent or exposureto hazard is brief
F2 Frequentto continuousor exposure to hazard is long
P: possibility of avoiding or limiting damage
P1 Possible underspecific conditio
ns
P2 Scarcely possible
2.2.3 Technical implementation
This step involves the technical pre-planning of the safety function, taking possible
technologiesand
components
intoaccount.
Thesafety-related
componentsand
parts
must
then be identified for later verification.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 12
d
2.2.4 Dividing the safety function into subsystems
In the next step, a
safety-related
block diagram must be created for further
evaluation.
As a
rule,a safetyfunctionconsistsof sensor - logic - actuator.Inthesimplestcase,eachone
is a
subsystem.
Thesesubsystemsareconnected inseriesto formthe
overall
safetyfunction.
L
I
m
L Im O
Figure3 Safety-related block diagram (according to EN 13849-1)
2.2.5 Determination of the achieved PL for each subsystem
A characteristicvalue when determining the performancelevel is the PFHd value, the
statistical “probability of a dangerousfailure perhour”. The safety characteristics can be
found in the FUNCTIONAL
SAFETY CHARACTERISTICS
data sheet or the SISTEMA
library.
Thediagrambelow showsthebasic relationshipbetweenPLand thesafetycharacteristics
category,DC, and MTTFd.
PFHD
a
-5
MTTF
d
low
10
b MTTF
d
10
-6
medium
c MTTF
-7
10
high
d
-8
10
e
Cat. B Cat. 1 Cat. 2 Cat. 2 Cat. 3 Cat. 3 Cat.
4
Dc
avg
none
Dc
avg
none
Dc
avg
low
Dc
avg
medium
Dc
avg
low
Dc
avg
medium
Dc
avg
high
Figure 4 Relationship between PL, category, DC, and MTTFd
(according to EN 13849-1)
The category is an importantparameter when determining the PL. The categoryterm has
been taken from the previous standard EN 954-1. The requirementsfor the categories are
listed below.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 13
Table 1 Explanationof categories
Category
Summary of requirement
s
System b
e
h
a
vi
or
Principle to achieve safety
B
Safety-relatedparts of control systems
and/or theirprotective equipment,as well
as their components, shall be designed,
constructed, selected, assembled, and
combined in accordance with relevant
standards so that they can withstand the
expected influences.Basic safety
principles must be used.
The occurrenceof a fault can
lead to the loss of the safety
function.
Mainly characterizedby the
selection of components.
1
The requirementsof category B must be
met. Provencomponents and proven
safety principles must be used.
The occurrenceof a fault can
lead to the loss of the safety
function but the probability of
occurrence is lower than that
for category B.
Mainly characterizedby the
selection of components.
2
The
requirementsofcategory
Band
the
use
of proven safety principles must be met.
The safety function must be tested by the
machine control system at suitable
intervals.
The occurrenceof a fault can
lead to the loss of the safety
function between the tests.
The
lossofthesafetyfunction
is detected by the test.
Mainly characterizedby the
structure.
3
The
requirementsofcategory
Band
the
use
of proven safety principles must be met.
Safety-relatedparts must be designed so
that:
–A single fault in
any of these parts does notlead to the loss
of the safety function; and
–the single fault is detected, whenever
this is feasibly possible.
When the single faultoccurs,
the safety function is always
performed.Somebut not all
faults are detected. An
accumulationof undetec
t
ed
faults can lead to the loss of
the safety function.
Mainly characterizedby the
structure.
4
The
requirementsofcategory
Band
the
use
of proven safety principles must be met.
Safety-relatedparts must be designed so
that:
–A single fault
in any of these parts does not lead to the
loss of the safety function; and
–thesinglefaultis detected onorbefore
thenextdemandofthesafetyfunction.
If detection is not possible, an
accumulationof undetected
faults
must
not lead to the loss of the safety
function.
When the single faultoccurs,
the safety function is always
performed. The detection of
accumulated faults reduces
the probability of the loss of
the safety function (high DC).
The
faults
are
detected
in
time
to prevent a loss of the safety
function.
Mainly characterizedby the
structure.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 14
2.2.6 Determination of the achieved PL for the overall safety
function
Forsubsystems with integrated diagnostic functions such as safetydevices and safety
controllers,the achieved PFHd and PL are provided by the manufacturerwith the
specification of the category.
Forsubsystems consisting of discrete components (e.g., switches, contactors, valves,
etc.), the PFHd value is determined from the category,DC, and MTTFd. Forcomponents
thataresubjectto wear,the MTTFd is determined based onthe
number
of
operating
cycles
using the B10d value provided by the component manufacturer.
In addition, for category 2 or higherthe effect of common cause failure(CCF) must also be
considered.
2.2.7 Verification of the achieved PL
Each individual subsystem and the entire safety chain must both meet the requirements of
the necessary PLr. This includes both the quantitative evaluation and the consideration of
systematicaspects, such as provencomponents and safetyprinciples.
The systematicaspects include:
–Correct dimensioning of components
–Consideration of expected operating conditions and ambient conditions
–Use of basic and proven safety principles
–Avoidance of specification errors and software errors through testing
2.2.8
V
alidatio
n
The last step should check whether the selected measures achieve the necessary risk
reduction and therefore the protection objectives of the risk assessment. The result of the
validationprocess is included in the final risk assessment.
Thepurpose of the validationprocessis to confirmthespecificationand levelofconformity
of the design of safety-related parts of the control system (SRP/CS) within the overall
specifications for the safety requirementsof the machinery. Before validationof the design
of the SRP/CSor the combination of SRP/CSthat contains the safety function, the
specification requirementfor the safety function must be confirmed. Validation involves
performinganalysisand function tests under normal conditions in accordance with the
validationplan.
EN ISO 13849-2 containsdetailed
requirements
and describes the basic procedure for the
individual validationprocesses.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 15
F
Frequency
and
duration
< 1
hour
5
> 1
hour
to < 1
day
5
> day to < 2
weeks
4
> 2
weeks
to < 1
year
3
> 1
year
2
W
Probability
of a
hazardous event
Frequent
5
Probable
4
Possible
4
Seldom
3
Negligible
2
2.3 Practical procedure according to EN ISO
62061
In practice, the following steps have proven effective when designing safe controllers
according to EN 62061.
2.3.1 Specificationof requirements forthesafety-related control
function (SRCF)
The safety function must be defined first. This informationis derived from the risk
assessment.
Example:
Trigger event: Opening the safety door.
Response: The robot drive is set to a safe stop state. The power
semiconductor pulses are disabled.
Safe state: Powercircuit has no power.
2.3.2 Determination of the required safety integrity level
(SIL)
The
required
SILisdeterminedincombinationwiththesafetyfunctionwithintheframework
of the higher-level risk assessment.
Effect
Severity
Class Class
Class
Class
C
lass
S 3 - 4 5 - 7 8 - 10 11 - 13 14 -
15
Death,
loss
of an eye or
arm
Permanent,loss
of
fingers
4 SIL 2 SIL 2 SIL 2 SIL 3 SIL
3
3 SIL 1 SIL 2 SIL
3
Reversible, medical treatment
Reversible, first aid
2
Other measures
1
SIL 1 SIL
3
SIL
1
P
Avoidance
+ +
Impossible
4
Possible
3
Probable
2
Figure5 Example of specifying the SIL (according to EN 62061)
2.3.3 Drafting the safety-related electrical control system
(SRECS)
This step involves the technical pre-planning of the safety function, taking possible
technologiesand
components
intoaccount.
Thesafety-related
componentsand
parts
must
then be identified for later verification.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 16
2.3.4 Determination of the achieved safety integrity for the entire
SRECS
To determinethe achieved safetyintegrity level, the PFHd values of the individual
subsystems
must nowbe added together.TheresultmustliewithintheSILrequiredforthe
safety function.
Table 2 Determinationof the safety integritylevel (according to EN 62061)
Safety
integrity level
Probability of a dangerous failure per hour
(
PFH
D
)
3
≥10-8 to < 10-7
2
≥10-7 to < 10-6
1
≥10-6 to < 10-5
Furthermore,
the SIL CL of an individual subsystem determines the maximum achievable
SIL for the SRECS. Forsafety components with integrated diagnostics, this is provided by
the manufacturer.For subsystems consisting of discrete components, this value must be
determined using the table below.
Table 3 Determinationof the safety integrity level for a subsystem with discrete
components (according to EN 62061)
Safe failure fraction
Hardware fault tolerance
1)
0
1
2
< 60%
Not permitted 2)
SIL 1
SIL 2
60% to < 90%
SIL 1
SIL 2
SIL 3
90% to < 99%
SIL 2
SIL 3
SIL 3
≥99%
SIL 3
SIL 3
SIL 3
1) A hardwarefault tolerance of N means that N + 1 faults can lead to a loss of the SRCF.
2) See EN ISO 62061, Section6.7.7
2.3.5 Verification of the achieved SIL
Each individual subsystem and the entire safety chain must both meet the requirements of
the necessary SIL. This includes both the quantitative evaluation and the consideration of
systematicaspects.
The systematic aspects include:
–Correct dimensioning of components
–Consideration of expected operatingconditions and ambient conditions
–Use of basic and proven safetyprinciples
–Avoidance of specification errors and software errors throughtesting
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 17
2.3.6
V
alidatio
n
The last step should check whether theselected measuresachieve the necessaryrisk
reduction and therefore the protection objectives.
The result of the validation process is included in the final risk assessment.
Thepurpose of the validationprocessis to confirm thespecificationandlevelof conformity
of the design of safety-related parts of the control system (SRP/CS) within the overall
specifications for the safety requirementsof the machinery. Beforevalidationof the design
of the SRP/CSor the combination of SRP/CSthat contains the safety function, the
specification requirementfor the safety function must be confirmed. Validationinvolves
performinganalysisand function tests under normal conditions in accordance with the
validationplan.
EN ISO 13849-2 contains detailed requirementsand describes the basic procedure forthe
individual validationprocesses.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 18
(
)
3 Safety technology basics
3.1 Cross-circuit detection
In both category 3 and category4, a first fault must never lead to the loss of the safety
function. This often makes it necessaryto provide redundancy in the control structure.
Cross-circuit detection has the ability to detect short circuits, bridges or short circuits to
ground between two channels either immediatelyor within the framework of cyclic self-
monitoring.
A cross circuit may be due to one of the following reasons:
–Squeezing
–High temperatures
–Chips
–
A
c
i
ds
L+
(L1)
1.
2.
A1 S11 S12 S21 S22
(+) ( ) (GND) ( )
PTC
3. K1 K2
( )
A2 S33
S34
M
(N)
Figure 6 Cross-circuit detection
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 19
3.2 Maximum cable lengths
Depending on thesize of themachineorsystem,a considerableamountof cabling may be
required to wire the sensors.
Make sure that the specified cable lengths are not exceeded, so as to ensure error-free
operationof the safety relay.
Application manual for YRB-4EML-31S safety relay
Contrinex AG Industrial Electronics 20
3.3 Stop
Stop categories according to EN
6020
4-1
Everymachine must be fitted with emergencystop equipment.
As per EN 60204-1, this must be implemented in stop category 0 or stop category 1 and
must be able to functionindependently of the operating mode.
In
ordertostopa
machine, three
stop
categories are
defined inEN
60204-1,
whichdescribe
the stop control sequence independently of an emergencysituation.
Stop category 0 •Stopping by immediateremoval of power to the machine
drives
(i.e., an uncontrolled stop).
Stop
Figure 7 Stop category0 example
Stop category 1 •A controlledstop withpower
available
tothe
machine
drivestoachievethestop;power
is removed only when the stop is achieved.
Stop
Brake
Figure 8 Stop category1 example
Table of contents
Other Contrinex Relay manuals
Popular Relay manuals by other brands
CARLO GAVAZZI
CARLO GAVAZZI DIB01CB23 installation instructions
Pilz
Pilz S1MO 22216-3FR-01 operating instructions
Neets
Neets Switching Relay - 8 Installation guides
WESTINGSHOUSE
WESTINGSHOUSE CA-16 Installation, operation & maintenance instructions
M-system
M-system R7M-RR8 instruction manual
Siemens
Siemens CRM-4 installation instructions
Pilz
Pilz P2HZ X3 operating manual
Basler
Basler BE1-25 instruction manual
Siemens
Siemens SIRIUS 3TK2827 operating instructions
Eaton
Eaton EMR-4000 Installation, operation and maintenance
ABB
ABB CM Series Operating and installation instructions
CTM LYNG
CTM LYNG Mkomfy R-T 25A Installation instructions user instructions
