The present invention relates to a safety switching apparatus and a method for switching on or switching off a technical installation in a failsafe manner, and more particularly, to a safety switching apparatus and method that operate more efficiently in terms of energy consumption and power saving.
A safety switching apparatus in terms of the present invention is any switching apparatus that is designed to meet the safety standards for industrial machines, such as EN ISO 13849 and/or EN/IEC 62061 or related safety standards. Particularly, a safety switching apparatus in terms of the present invention is designed to meet the requirements of PL d (Performance Level d) according to EN ISO 13849 and/or SIL 2 (Safety Integrity Level) based on EN/IEC 62061. This includes safety relays, safety controllers, and also sensor and actuator modules which are used for controlling and performing safety critical tasks in the field of industrial production environments. For example, safety relays are known which monitor the operating position of an emergency off button or a guard door or, by way of example, the operational state of a light barrier and take this as a basis for disconnecting a load current into a machine or a machine area. Failure of such safety switching apparatuses can have life endangering consequences for machine personnel, for which reason safety switching apparatuses are typically used only when they are certified by relevant supervisory authorities, such as occupational health organizations.
DE 10 2004 033 359 A1 discloses a prior art system for safeguarding an automatically operating robot. The apparatus comprises a safety switching apparatus which actuates two external switching elements at the output. At the input, the safety switching apparatus is provided with one or more input signals by appropriately connected signal generators. The input signal(s) received is/are supplied to an evaluation and control unit, which is preferably designed to have multichannel redundancy. In the preferred exemplary embodiment, the safety switching apparatus comprises two output relays, the switching position of which is determined by the evaluation and control unit. Each relay has a number of positively guided make and break contacts.
In safety engineering, the electromechanical switch, for example a relay or contactor, usually has an operating contact, also called a make contact, and an auxiliary contact that is positively guided in respect thereof, also called a break contact. In this connection, positively guided means that the operating contact and the auxiliary contact are mechanically connected to one another such that the operating contact and the auxiliary contact can never be closed at the same time. In other words, the auxiliary contact (or break contact) is closed when the operating contact (or make contact) is open, and vice versa. The operating contact is arranged in the load current path or load circuit of the technical installation, as a result of which it can switch the current for the technical installation on or off. The auxiliary contact is arranged in a separate auxiliary contact current path or auxiliary contact circuit, sometimes called a feedback loop or External Device Monitoring (EDM). A current or a signal in the auxiliary contact current path allows the switching position of the operating contact to be checked, for example by a read back logic unit, on the basis of the positive guiding between the operating contact and the auxiliary contact.
The electromechanical switch having the operating contact and the auxiliary contact may be arranged remote from the safety switching apparatus and be connected via lines. Alternatively, the electromechanical switch may be accommodated within the safety switching apparatus or its housing, respectively.
DE 199 54 460 A1 discloses a safety switching device for switching on and safely switching off an electrical load, particularly an electrically driven machine, comprising a first and a second electromechanical switching element, the operating contacts of which are arranged in series with one another between a first input terminal and an output terminal of the safety switching device. Furthermore, each of the two switching elements has an auxiliary contact which is positively guided with the respective operating contacts. The auxiliary contacts of the two switching elements are likewise connected up in series with one another. Using a current which is carried via the auxiliary contacts, it is therefore possible to check the switching position of the operating contacts of the switching elements without taking direct action in the sphere of operation of the switching elements.
A user guide titled “PNOZmm0p, Configurable Control System PNOZmulti, Operating Manual—No. 1001274 EN 04” discloses a safety switching apparatus which is offered and sold by the applicant of the present invention under the trademark PNOZ®. At each safety output O0, O1, O2, O3 with extended error recognition, two loads may be connected for applications according to EN IEC 62061, SIL CL 3. A prerequisite for this, inter alia, is that a feedback loop be connected to an input.
The user guide “PSSuniversal, Programmable control systems PSS®, System Description—No. 21256 EN 04” discloses a safety switching apparatus which is offered and sold by the applicant of the present invention under the trademark PSS®. This apparatus has a feedback loop input (EDM input) and a feedback loop logic unit (EDM logic unit).
For all kinds of electrical devices, energy consumption is an issue that gets more and more attention. Up to now, however, safety switching apparatuses of the prior art have not addressed this issue with all its consequences.