The present invention relates to a safety switching device for safely switching off an electrical load such as an electrically driven machine. The invention relates in particular to a safety switching device having a failsafe disconnection unit as well as a signaling unit, to both of which an external control signal is jointly supplied. The disconnection unit switches off the electrical load in a failsafe manner as a function of a defined signal state of the control signal, and the signaling unit produces an external reporting signal as a function of the defined signal state.
Safety switching devices like this are particularly used in industrial areas in order to carry out disconnection processes in a failsafe manner. “Failsafe” in this context means that the switching device complies at least with Safety Category 3 of European Standard EN 954-1. For example, devices like these are used to stop a machine system from which a hazard originates, or to bring it to a safe state in some other way, as a reaction to the operation of an EMERGENCY OFF button or the opening of a guard door. It is also generally necessary to disconnect a machine or machine system entirely or at least partially in a failsafe manner in order to carry out maintenance or repair work. Since a malfunction or a failure of the safety switching device in a situation like this results in an immediate personnel hazard, the failsafety of such switching devices is subject to very stringent requirements. This leads to a very high degree of complexity associated with high costs for the development and manufacture of safety switching devices.
In some applications, there is a need to run down the machine or machine system in a controlled manner before it is actually disconnected, that is to say before the removal of the supply voltage. In this case, the machine is transferred to a defined rest state in a controlled manner by the machine controller. This is particularly advantageous when the restarting of the machine after being disconnected abruptly in the middle of the operating process is associated with difficulties. Furthermore, controlled running down before the actual disconnection avoids uncontrolled machine movement, for example due to inertia forces.
In order to allow a machine to be run down in a controlled manner before it is actually switched off, a known safety switching device has a first delay element, by means of which the switching-off process, that is to say the interruption of the power supply, is delayed by the first time interval. Before this time interval has elapsed, the signaling unit produces a state change in the external reporting signal, thus causing the control unit for the machine to bring it to the rest state.
In the known safety switching devices, the signaling unit essentially comprises two mutually redundant relays which, in contrast to the relays in the disconnection unit, trip without any delay when no current flows in their control circuit. In contrast, the relays in the disconnection unit have an off delay. Like the known safety switching device in total, the signaling unit is thus designed to be failsafe and thus produces a failsafe reporting signal. As already mentioned above, however, a safety switching device like this is complex and costly.
It is thus an object of the present invention to specify a safety switching device of the type mentioned above which can be produced at a lower cost while maintaining the required failsafety in its overall behavior.
According to one aspect of the invention, this object is achieved by the signaling unit being a non-failsafe unit which produces a non-failsafe reporting signal at one output of the switching device.
This solution is based on the realization that the production of the reporting signal is a sub process which, if seen on its own and in contrast to the overall process of switching off the machine, is not directly safety-critical. This is because a malfunction in the production of the reporting signal will at the latest be picked up after the first time interval has elapsed due to the fact that the power supply is interrupted then. In consequence, it is possible to place less stringent requirements on the failsafety of the signaling unit without reducing the failsafety of the entire safety switching device according to the invention. If the signaling unit is not made failsafe at all, this considerably reduces the complexity, so that the safety switching device according to the invention can be produced more easily and thus at a lower cost, overall.
In contrast to completely dispensing with the signaling unit, the safety switching device according to the invention has the advantage that the machine which is to be switched off can generally be run down in a controlled manner before being switched off. This avoids difficulties during restarting.
In a preferred refinement of the invention, the signaling unit deactivates the reporting signal without any delay when the defined signal state occurs.
This means that the signaling unit causes a state change in the external reporting signal virtually at the same time as the occurrence of the defined signal state of the control signal. It goes without saying that exact time correspondence cannot be achieved in practice, owing to the technically dependent signal delay times. “Without delay” thus means that there are no additional delays in the reaction of the signaling unit beyond the unavoidable signal delay times. This measure has the advantage that the operating control system for the machine has a maximum time period available in order to run down the machine in a controlled manner. Conversely, the first time interval may be kept very short, which allows the safety switching device to react quickly, overall.
In a further refinement of the invention, the control signal includes an operating voltage for the switching device, with the defined signal state corresponding to absence of the operating voltage.
This provides additional safety, since the safety switching device initiates the switching-off process automatically when its own operating voltage is removed. In the event of a failure of the safety switching device, the monitored machine is thus run down automatically, and is switched off in a failsafe manner.
In a further refinement, the safety switching device has a logic OR gate, which links the operating voltage to an externally supplied disconnection signal of a tripping element, with the defined signal state corresponding to absence of the operating voltage or to operation of the tripping element.
This measure provides two-channel drive for the safety switching device in a simple manner, thus further increasing the failsafety.
In a further refinement of the invention, the signaling unit has a second delay element, by means of which the production of the reporting signal is delayed by a second time interval when the switching device is switched on.
This measure has the advantage that the supply voltage for the machine is already available in a stable manner before the signaling unit produces the external reporting signal and the operating control system for the machine in consequence causes the machine to run up. In this case, this advantageous time sequence can be achieved without any additional external circuitry and timers, thus simplifying the use and the installation of the safety switching device according to the invention.
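The timing relationships described above can be checked with a small tick-based model. This is an added illustration, not part of the original disclosure: the function names, the tick granularity and the signaling_fault flag are assumptions, as is the choice that the power path closes immediately at switch-on. It shows that a signaling unit which fails to deactivate the reporting signal does not extend the time for which the load stays powered beyond the first time interval.

```python
def simulate(voltage, trip, t1, t2, signaling_fault=False):
    """Tick-based model (illustrative assumption, not the patented circuit).

    voltage, trip   : per-tick booleans (operating voltage present, tripping
                      element operated)
    t1              : first time interval, off delay of the disconnection unit
    t2              : second time interval, on delay of the reporting signal
    signaling_fault : the non-failsafe signaling unit fails to deactivate
    Returns a list of (power_on, report_on) tuples, one per tick.
    """
    power = report = False
    since_state = since_on = 0
    trace = []
    for v, tr in zip(voltage, trip):
        # OR link: absence of operating voltage OR operation of the tripping element
        defined_state = (not v) or tr
        if defined_state:
            since_on = 0
            # The disconnection unit holds the load for t1 ticks, then opens.
            power = power and since_state < t1
            since_state += 1
            if not signaling_fault:
                report = False          # deactivated without additional delay
        else:
            since_state = 0
            power = True                # assumption: power closes at switch-on
            report = report or since_on >= t2
            since_on += 1
        trace.append((power, report))
    return trace


def powered_ticks_after(trace, start):
    """Number of ticks from index start onward during which the load is powered."""
    return sum(1 for power, _ in trace[start:] if power)


if __name__ == "__main__":
    # Constructed input: 5 ticks of normal operation, then the tripping element operates.
    volt = [True] * 11
    trip = [False] * 5 + [True] * 6
    for fault in (False, True):
        tr = simulate(volt, trip, t1=3, t2=2, signaling_fault=fault)
        print("fault" if fault else "ok   ", powered_ticks_after(tr, 5), tr)
```

In both runs the load is powered for exactly t1 ticks after the defined signal state occurs; only the opportunity for a controlled run-down is lost when the signaling unit fails.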
In a further refinement of the invention, the disconnection unit has at least two mutually redundant switching means, which are arranged in series with one another.
This measure, which is known per se, makes it possible to make the disconnection unit failsafe in the sense of European Standard EN 954-1, so that the safety switching device according to the invention can comply with this standard, overall.
In a further refinement of the measure mentioned above, the switching means have at least one positively-guided auxiliary contact, which is connected in a monitoring circuit.
This measure results in even better failsafety, since this additionally allows the operability of the disconnection unit to be monitored.
In a further preferred refinement of the invention, the disconnection unit and the signaling unit are arranged in a common switching device enclosure.
This measure has the advantage that the safety switching device according to the invention is available as a compact component, thus considerably simplifying its installation in a machine system that is to be monitored. In this case, it is particularly advantageous that the time sequences between the disconnection unit and the signaling unit are controlled within the device, thus avoiding faults in the installation and undesirable manipulations.
It goes without saying that the features mentioned above and those which are still to be explained in the following text can be used not only in the respectively stated combination but also in other combinations or on their own, without departing from the scope of the present invention.