The present invention relates to a technology which constructs a safety device compliant with various kinds of safety standards, and in particular, it relates to a safety device for a power converter such as an inverter or servo amplifier which drives a motor, or for an instrument to be controlled by a programmable logic controller (PLC), or the like.
In recent years, due to the necessity of saving energy, a power converter which drives a motor at variable speeds has become popular. Since abnormal operation of an electrical instrument can lead to a serious accident, improvements in safety are being demanded. Also, strict safety standards are established in order to keep the danger to the human body at each step of product development, design, production, maintenance, and disposal within a tolerance range.
As a widespread safety standard, for example, ISO13849 is stipulated. In particular, relating to electrical instruments, there is a safety standard called IEC61508, and a subordinate standard called IEC61800-5-2, which governs motor control devices such as inverters or servo amplifiers. In Japan, the development of motor control devices compliant with these international standards is being actively pursued.
Also, in Europe, motor control devices compliant with the IEC61800-5-2 standard are coming onto the market. In order to comply with these safety standards, it is necessary not only to document the development structure and concept, and to receive certification of whether or not the safety standards are complied with, but also to monitor for an abnormality of a controlled instrument or of a control device and, in the event that an abnormality is detected, to safely stop the controlled instrument in accordance with specifications.
This kind of safety standard is reviewed from time to time, and every time it is, enormous development costs and time are needed to newly develop a control device (hereafter called a “safety device”) which has a safety function. Also, as the level of safety standard needed, and the environment in which a controlled instrument is used, vary depending on the client, it is necessary to provide a safety device appropriate to the safety level required by each individual client. For these reasons, consideration is given to separating control functions and safety functions, and achieving a reduction in development costs and a contraction of the development period by developing only a portion which needs to be dealt with individually.
As a heretofore known technology relating to safety functions, for example, a safety device provided with a safety function unit which, being independent of a controller which generates a control signal for driving a motor, carries out abnormality monitoring of the controller, is described in U.S. Pat. No. 7,253,577. The safety device, when an abnormality in the device is detected by the safety function unit, causes the motor to stop by interrupting a control signal output from the controller to the subject of control.
However, although it is described in the heretofore known technology that a controller with a control function and a safety function unit with a safety function are provided independently, a plurality of kinds of safety function units exist, and no consideration is given to configuring a safety device by combining each kind of safety function portion and the controller. In the event that a plurality of kinds of safety function units exist, it is envisaged that a safety function required of a controlled instrument does not operate due to an error in the operation of attaching or removing a safety function unit, or to a combination error. In order to avoid a dangerous situation occurring due to this kind of non-operation of a safety function, it is necessary to accurately determine that the correct safety function unit is correctly connected in the combination.