Rockwell automation Allen-bradley 442g multifunctional access... User guide

Application Technique

Safe-monitored Access via a 442G Access Box and a Guardmaster

GLP Safety Relay Safety Function

Products: 442G Access Box, Guardmaster GLP Safety Relay, 100S-C Contactors

Safety Rating: Cat. 3, PLd to ISO 13849-1: 2015

Topic Page

Important User Information 2

General Safety Information 3

Introduction 4

Safety Function Realization: Risk Assessment 5

Safety Functions 5

Safety Function Requirements 5

Functional Safety Description 6

Bill of Material 7

Setup and Wiring 7

Configuration 11

Calculation of the Performance Level 12

Verification and Validation Plan 15

Additional Resources 16

2Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Important User Information

Read this document and the documents listed in the additional resources section about installation, configuration, and

operation of this equipment before you install, configure, operate, or maintain this product. Users are required to

familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws,

and standards.

Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are

required to be carried out by suitably trained personnel in accordance with applicable code of practice.

If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may

be impaired.

In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from

the use or application of this equipment.

The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and

requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or

liability for actual use based on the examples and diagrams.

No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or

software described in this manual.

Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation,

Inc., is prohibited.

Throughout this manual, when necessary, we use notes to make you aware of safety considerations.

Labels may also be on or inside the equipment to provide specific precautions.

WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal

injury or death, property damage, or economic loss.

ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss.

Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.

IMPORTANT Identifies information that is critical for successful application and understanding of the product.

SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.

BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.

ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will

cause severe injury or death.Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for

Personal Protective Equipment (PPE).

Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019 3

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

General Safety Information

Contact Rockwell Automation to learn more about our safety risk assessment services.

Safety Distance Calculations

Non-separating safeguards provide no physical barrier to prevent access to a hazard. Publications that offer guidance for

calculating compliant safety distances for safety systems that use non-separating safeguards, such as light curtains,

scanners, two-hand controls, or safety mats, include the following:

EN ISO 13855:2010 (Safety of Machinery – Positioning of safeguards with respect to the approach speeds of

parts of the human body)

EN ISO 13857:2008 (Safety of Machinery – Safety distances to prevent hazardous zones being reached by upper

and lower limbs)

ANSI B11:19 2010 (Machines – Performance Criteria for Safeguarding)

Separating safeguards monitor a movable, physical barrier that guards access to a hazard. Publications that offer guidance

for calculating compliant access times for safety systems that use separating safeguards, such as gates with limit switches

or interlocks (including SensaGuard™ switches), and guard locks, include the following:

EN ISO 14119:2013 (Safety of Machinery – Interlocking devices associated with guards - Principles for design

and selection)

EN ISO 13855:2010 (Safety of Machinery – Positioning of safeguards with respect to the approach speeds of

parts of the human body)

EN ISO 13857:2008 (Safety of Machinery – Safety distances to prevent hazardous zones being reached by upper

and lower limbs)

ANSI B11:19 2010 (Machines – Performance Criteria for Safeguarding)

In addition, consult relevant national or local safety standards to verify compliance.

IMPORTANT This application example is for advanced users and assumes that you are trained and experienced in safety system requirements.

ATTENTION: Perform a risk assessment to make sure that all task and hazard combinations have been identified and addressed. The risk assessment can require

additional circuitry to reduce the risk to a tolerable level. Safety circuits must consider safety distance calculations, which are not part of the scope of this

document.

ATTENTION: While safety distance or access time calculations are beyond the scope of this document, compliant safety circuits must often consider a safety

distance or access time calculation.

4Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Introduction

This document explains how to wire, configure, verify, and validate a safety system that is designed to provide safe,

monitored access into a hard-guarded area only after hazardous motion within the area has ceased. The system includes,

and is specific to, a multifunctional access box (MAB), a Guardmaster® GLP safety relay, and 100S contactors as its

primary devices. The GLP safety relay monitors two proximity sensors to determine the speed of hazardous motion and

the state of the MAB to determine when the monitored motion is at a safe speed before allowing access to the guarded

area by unlocking the MAB. The GLP safety relay monitors the proximity sensors, the MAB, and itself for faults. When

a fault is detected, the GLP does not unlock the MAB to prevent access to the guarded area until the fault is corrected.

Access Components of the Safety Function

The component files (AutoCAD, EPLAN, SISTEMA, and Verification and Validation checklist) that are attached to

this document help you implement this safety function. To access these components, click the Attachments link , and

right-click and save the component that you want to use. If the PDF file opens in a browser and you don't see the

Attachments link , download the PDF file and then reopen the file with the Adobe Acrobat Reader application.

Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019 5

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Safety Function Realization: Risk Assessment

The required Performance Level (PLr) is the result of a risk assessment and refers to the amount of the risk reduction to

be conducted by the safety-related parts of the control system. Part of the risk reduction process is to determine the safety

functions of the machine. In this application, the Performance Level that is required by the risk assessment is category 3,

Performance Level d (cat. 3, PLd), for each safety function. A safety system that achieves cat. 3, PLd, or higher, can be

considered control reliable. Each safety product has its own rating and can be combined to create a safety function that

meets or exceeds the PLr.

Safety Functions

This application technique includes two safety functions:

•Safe-monitored access

•Prevention of unexpected startup

Safety Function Requirements

An MAB-controlled, locked gate helps prevent access to a guarded area where there can be hazardous motion. When

access is required, pressing and releasing an Unlock Request button removes power to the motor that drives hazardous

motion and signals the GLP speed monitoring relay that the gate must be unlocked when the monitored speed drops to

the configured safe maximum speed. When the speed monitoring relay confirms that the monitored speed is at or below

the configured safe maximum speed, the GLP sends unlock commands to the MAB. The gate can then be opened.

Hazardous motion cannot be restored until the gate is closed and locked. Once the gate is closed and locked, pressing and

releasing the Restart button energizes the two contactors, which restores power to the motor.

The safety functions in this application technique each meet or exceed the requirements for category 3, Performance

Level d (cat. 3, PLd), per ISO 13849-1 and control reliable operation per ANSI B11.19.

From: Risk Assessment (ISO 12100)

1. Identification of safety functions

2. Specification of characteristics of each function

3. Determination of required PL (PLr) for each safety function

To: Realization and PL Evaluation

6Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Functional Safety Description

A process that includes hazardous motion that is driven by an electric motor is hard-guarded by fences.

Hazardous motion can be stopped and started by using an external Stop/Start switch without providing access to the

guarded area. Pressing and releasing the Stop button immediately de-energizes the two 100S contactors. Hazardous

motion coasts to a stop (stop category 0). The gate remains locked. Pressing and releasing the Start button re-energizes

the two 100S contactors, which restores power to the motor and hazardous motion begins.

Full-body access to the area is provided via a gate. The gate is locked by an MAB guard lock, which helps prevent access

while hazardous motion is present. The GLP safety relay monitors the OSSD outputs of the MAB to confirm that the

MAB is closed and locked. The GLP safety relay senses the speed of hazardous motion by monitoring two proximity

sensors that monitor a rotating target disk mounted as directly to hazardous motion as reasonably practical.

When access is required, pressing the Unlock Request button trips the Guardmaster 440R SI relay, which turns off its

safety outputs and de-energizes the K1 and K2 contactors. This action removes power from the motor and hazardous

motion coasts to a stop. The SI relay deactivates its single wire safety (SWS) output, which prepares the GLP safety relay

to send an Unlock Command to the MAB when hazardous motion is at or below the configured maximum safe speed.

When the safe slow speed is reached, the GLP relay sends the Unlock Command and de-energizes contactors K3 and K4.

When the MAB receives the Unlock commands, it unlocks the gate. Then, rotating the MAB handle retracts the bolt,

which allows access to the guarded area. The amber Guard Unlocked stack light flashes to show that the gate is unlocked.

Power cannot be restored to the motor until the gate is closed, the MAB handle is rotated to extend the bolt, and the gate

locked by pressing and releasing the Lock Request (GLP Reset) button on the MAB cover. The Lock Request signal is

routed to the GLP relay via two N.C. contacts on the K1 and K2 contactors. Upon receipt of the Lock request, the GLP

relay ceases the Unlock commands. The MAB locks the gate. The amber Guard Unlocked stack light turns OFF. At the

same time, the GLP relay energizes the coils of the K3 and K4 contactors and their N.O. contacts close. Pressing the

Restart button energizes the 100S contactors; their N.O. contacts close, and power to the motor is restored.

The scope of this document is limited to the safe monitored access and prevention of unexpected startup safety

functions. When full-body access is allowed, additional safety functions may be necessary to prevent harm to personnel

while they are in the guarded area. Which, if any, additional safety functions are required is determined by a risk

assessment and is beyond the scope of this document.

The optional escape release handle, which is mounted to be accessible only from inside the safeguarded area, is one of the

parts that is listed in this document.

Use of the escape release is regarded as a non-standard event and faults the MAB. The MAB must be reset before

operation of the guarded machine can be resumed. A Reset MAB Fault button is included in the circuit diagram. The

MAB reset process is described in the Multi-functional Access Box User Manual, publication 442G-UM001.

IMPORTANT If the risk assessment determines that there is a likelihood of entrapment, then an escape release is required, according to ISO 14119.

Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019 7

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Bill of Material

This application technique uses these products.

Setup and Wiring

For detailed information on how to install and wire, refer to the publications that are listed in the Additional Resources.

System Overview

This document assumes that an external Stop-Start switch is installed. That switch removes and restores the three-phase

power that is controlled by contactors K1 and K2. When the three-phase power is removed, hazardous motion coasts,

uncontrolled, to a stop category 0. The external Stop/Start switch does not act upon the safety circuit in any other way. If

a subsequent Unlock request is not initiated by pressing and releasing the Unlock Request button, the gate remains

locked. When the external switch restores three-phase power, the motor and hazardous motion resumes.

The following sections describe an unlock gate, lock gate, and start operating sequence for the MAB system.

Unlock Gate

When the motor runs in the locked guarded area, pressing and releasing the Unlock Request button causes the SI relay to

turn off its safety outputs. The K1 and K2 contactors are de-energized and the motor coasts, uncontrolled, to a stop

Cat. No. Description Quantity

440R-S12R2 440R single-function safety relays, one dual-channel universal input, one N.C. contact, solid-state, two N.O. contacts,

one SWS output, 24V DC, removable, configured automatic, manual, or manual-monitored reset

800FP-F5PX11V 800F push button, plastic, flush, yellow, no legend, plastic latch mount, one N.O. contact, one N.C. contact, low

voltage, standard pack (quantity 1)

442G-MABH-R Handle assembly, 442G access box, right-hinged door with bolt-locking mechanism 1

442G-MABE1 Escape release, 442G-MAB, standard shaft 1

442G-MABAMPH 442G-MAB mounting plate, handle assembly 1

442G-MABAMPL 442G-MAB mounting plate, lock module 1

889M-F19RM-2 M23, female, straight, 19-P, PUR cable, black, unshielded, IEC color coded, no connector, 2 m (6.56 feet) 1

442G-MABR-URM-C02 Lock module, 442G access box, power-to release, unique Code, M23 connector, right-hand guard, two push buttons 1

800FP-F3PX10V 800F push button, plastic, flush, green, no legend, plastic latch mount, one N.O. contact, no N.C. contact, low voltage,

standard pack (quantity 1)

100S-C16EJ14BC 100S-C safety contactor, 16 A, 24V DC (with electric coil), bifurcated contact 2

440R-GL2S2P Monitoring safety relay, one dual-channel input, two PNP proximity sensors, one N.C. solid-state auxiliary output 1

872C-D8NP18-E2 Proximity sensor, three-wire DC standard barrel, 18 mm (.71 in.) diameter, tubular, nickel-plated brass, standard,

8 mm (.32 in.) sensing distance, unshielded, normally open, source (PNP) output, PVC cable (5 cond)

889D-F4NE-5 DC Micro (M12), female, straight, four-pin, PVC cable, red, unshielded, IEC color coded, no connector, 5 m (16.4 ft) 2

700-HPS2Z24 Safety control relay, 700-HP general-purpose PCB PIN style relay, 8 A, 2 pole, DPDT, 24V DC (package quantity of 10) 2

700-HN123 Mini eight-pin screw terminal socket, touch-safe terminal construction, incorporates coil and contact separation

(package quantity of 10)

700-ADL1R Diode with LED surge suppressor, 6...24V DC (package quantity of 10) 2

855EP-B24L5 Control tower stack light, pre-assembled, 10 cm (3.94 in.) pole mount with cap, black housing, 24V AC/DC full-

voltage, amber flashing status indicator

8Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

category 0. At the same time, the SI relay deactivates its SWS output. In response, the GLP safety relay prepares to turn its

safety outputs OFF and its Unlock commands ON when the proximity sensor inputs to the GLP safety relay confirm

that hazardous motion is at or below the configured safe speed of 0.5 Hz. When the speed of hazardous motion has

dropped to 0.5 Hz, the GLP safety relay initiates its Frequency Measuring Time delay of 10.1 seconds. This delay is to

verify that the speed really is at or below the configured safe speed. When this time has elapsed, without the monitored

speed exceeding 0.5 Hz, the GLP safety relay turns its safety outputs, X14 and X24, OFF, which de-energizes the K3 and

K4 contactors. The N.O. contacts of K3 and K4 open and break the connection between the Stop-Start circuit and K1

and K2. This action helps prevent a Restart until the K3 and K4 contactors are energized. The GLP safety relay turns its

Unlock Command outputs ON. The 51 Unlock command powers the solenoid of the MAB and unlocks the gate. The

K3 and K4 contactors cannot be re-energized until the gate is closed and locked. The L 61 Unlock command powers the

Guard Unlocked flashing amber stack light to show that the gate is unlocked. The handle of the MAB can now be

rotated to retract the bolt, and the gate can be opened.

Lock Gate

Once the required task is complete, and it is confirmed that no one remains in the guarded area, the gate is closed and the

handle of the MAB is rotated to extend the bolt. Pressing and releasing the Lock Request button on the MAB cover

requests the GLP safety relay to end the Unlock commands. The Lock Request button connects to terminal S44 of the

GLP safety relay via the two N.C. contacts of K1 and K2 contactors, which closed when the Unlock was requested. The

gate cannot be locked if these contacts are not closed. The GLP safety relay turns the Unlock Command outputs OFF.

The amber stack light turns OFF to show that the gate is locked. The solenoid of the MAB drops out and the gate is

locked. Once the OSSD outputs of the MAB confirm to the GLP safety relay that the gate is closed, and the bolt is

extended and locked, the GLP safety relay turns its safety outputs ON. This action energizes the K3 and K4 contactors.

Their N.O. contacts close and restore the connection between 24V DC and the Restart circuit.

Start

Pressing the Restart button energizes the K1 and K2 contactors. Their N.O. contacts close and restore power to the

motor. Hazardous motion begins.

Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019 9

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Electrical Schematic

For an electrical schematic in AutoCAD or ePLAN format, see the attached files.

L12

S54

L11

P22

P12

LOGIC

S22

S12

Y32

S44

X14

X24

L61

GLP

889M-F19RM-X

24V DC, Class 2, PELV

Brn

Blu

Blk

872C-D8NP18-E5 (2)

Red/Blu

Grn/Blk

Vio

Blu

Brn

440R-GL2S2P

SL2

Unlock Cmd

Lock Request

MAB cover Yel/Brn

Wht/Grn

Pnk

Reset

MAB Fault

Gry/Pnk

L1 L2 L3

Note 2: K1 and K2 = 100S-C16EJ14BC - E J contactors have integral

transient suppression. External transient suppression may be

required when non-”EJ” contactors are used.

K3 and K4 = 700-HPSXZ24 DPDT Safety relays with 700-ADL12

suppressor -Red LED modules

OL: True when the door is closed, the bolt is

extended and locked.

OT: True when the door is closed and the bolt is

extended, locked or not.

OI: True when the MAB is faulted.

Status

to PAC

A2 L11

S21

S11

S22

S12

Y32

S34

Status

to PAC

0V DC

442G-MAB PTR Hardware Rev. A

- see Note 2

- see Note 1

Note 1: UA: Connected to 24V internally in MAB

LOGIC

SL1

Restart

K1 K2

K3 K4

MAB cover

440R-S12R2

K3 K4 Status

to PAC

Status

to PAC

K1 K2

OI Wht/Yel

Status

to PAC Guard Unlocked

- see Note 2

External

Stop/Start

Status

to PAC

Unlock Request

24V DC, Class 2, PELV

Status

to PAC

Status

to PAC

Status

to PAC

Status

to PAC

Status

to PAC

0V DC

Unlock Request

Restart

MAB Cover

LOGIC

Lock Request

External

Stop/Start

Guard Unlocked

Reset

MAB Fault

Unlock CMD

Hardware Rev. A

Status

to PAC

See Note 1

See Note 2

Note 1: UA: Connected to 24V internally in MAB.

OL: True when the door is closed, and the bolt is extended and locked.

OT: True when the door is closed and the bolt is extended, locked or not.

OI: True when the MAB is faulted.

K1 and K2 = 100S-C16EJ14BC–EJ contactors have integral transient suppression. External

transient suppression may be required when non-EJ contactors are used.

K3 and K4 = 700-HPSXZ24 DPDT safety relays with 700-ADL12 suppressor–red LED modules.

Note 2:

10 Rockwell Automation Publication SAFETY-AT166A-EN-P - June 2019

Safe-monitored Access via a 442G Access Box and a Guardmaster GLP Safety Relay Safety Function

Timing Diagram

Typical Gate Opened, Gate Closed, and Restart Sequence

Unlock Request (ULR)

SI Status

Single Wire Safety – SI

Contactors K1 and K2

K1–K2 Feedback – GLP Reset

Motor

Hazardous Motion

Frequency Measuring Time

Unlock Command

MAB Lock

MAB OSSDs

Contactors K3 and K4

K3–K4 Feedback – SI Reset

Guarded Gate

MAB Lock Request (LR)

Press Start Button

ULR Frequency Measuring

Time Expired LR

manually

operated

Drops to

safe speed

0.5 Hz

10.1 sec

Reset/Running

Tripped

Inactive

De-energized

Powered

Active

Energized

Power Removed

Moving

Timing

Not Timing/Expired

Off

Stopped

Unlocked

Locked

Energized

De-energized

Open

Closed and Latched

High for 0.25 sec. min. to 3 sec. max.

This manual suits for next models

Table of contents

Other Rockwell Automation IP Access Controllers manuals

Rockwell Automation

Rockwell Automation Allen-Bradley Guardmaster 442G-MABH Series User manual

Rockwell Automation

Rockwell Automation Allen-Bradley Guardmaster 442G MABH Series User manual

Popular IP Access Controllers manuals by other brands

Ava

Ava bqt miPASS BT510 installation guide

ZKTeco

ZKTeco SpeedFace-V5L user manual

2N Access Unit Configuration manual

Kedacom

Kedacom KSCA120 Series quick start guide

H3C

H3C WX2880X installation guide

G4S

G4S S870-EX Installation and user instructions

PRASTEL

PRASTEL M2000PE manual

Allegion

Allegion interflex IF-281 Cylinder manual

TECOM

TECOM TS1067E manual

Fermax

Fermax Memokey 100C Installer manual

Fermax

Fermax CITYLINE MEMOKEY User& installer's manual

Civintec

Civintec CV9601T-T-1F installation manual

BioMax

BioMax N-X90W user manual

ZKTeco

ZKTeco OP-200 quick start guide

FingerTec

FingerTec s-Kadex user guide

H3C

H3C WX5002ACCESSCONTROLLER installation manual

Conrad Electronic

Conrad Electronic KeyMatic CAC operating instructions

IDTECK

IDTECK Star 100R manual

Rockwell Automation Allen-Bradley 442G Multifunctional Access... User guide

Popular IP Access Controllers manuals by other brands