The present invention relates to a safety switching device for a modular failsafe control system for switching on and safely switching off or disconnecting a load, having at least one switching element which is subject to wear and is designed to carry out a switching process by means of a control signal which is generated by the control system, in order to switch the load. The invention furthermore relates to a modular failsafe control system for switching on and safely switching off an electrical load, in particular an electrically driven machine, via at least one switching device, having a control apparatus for evaluation of input signals and for production of a control signal, which is intended for the switching device, as a function of the evaluation.
Switching devices such as these are generally known and form a component of failsafe control systems, which are generally also referred to as safety switching devices. Failsafe control systems are used to safely evaluate the signal from a safety transmitter, for example an emergency-off switch, a guard door position switch etc., and to operate one or more safe output contacts of a switching device. Actuators, for example contactors, valves and motors, or dangerous machine parts, for example saw blades, robot arms and high-voltage devices, are then brought to a safe state via these switched output contacts. The applicant offers a multiplicity of different safety switching device types under the name “PNOZ”. One example of a safety switching device of modular design, together with a modular failsafe control system, is disclosed in DE 100 20 075 C2. A further safety switching device from the applicant is disclosed in the document DE 100 11 211.
Since safety switching devices such as these are used in safety-critical environments, the dangers which can be caused by defective components must be controlled. In addition to measures for fault tolerance, for example redundant design and the use of automatic diagnostic tests for identification of hazardous hardware failures, consideration of the failure rates of the components which are used in safety switching devices is becoming increasingly important.
As is known, safety switching devices cannot be absolutely safe. The risk that the safety switching device will fail as a result of the failure of a component must therefore be assessed, and this risk must be below an accepted limit value.
In the case of electrical and electronic components, it is normally assumed that their failure rate is constant over the service life. The risk of a failure is therefore the same for a new safety switching device and for an old, physically identical safety switching device.
In the case of mechanical and electromechanical components, such as relays, contactors, brakes etc., wear must normally be expected. The failure rate therefore rises sharply beyond a wear limit, as a result of which the accepted risk is exceeded towards the end of the life of the component. It is therefore required that these components be replaced before their wear limit is reached, or that the components be operated such that the wear limit is not reached during the envisaged operating period.
The component reliability must be quantified in order to verify that the current standards IEC 61508 and ISO 13849-1 are being complied with.
The requirements of these standards relating to functional safety, and the continuous efforts to increase the safety and the availability of safety switching devices, are leading to the desire to improve the diagnosis, in particular of components which are subject to wear.
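The distinction drawn above between a constant failure rate and a wear-out failure rate, and the resulting requirement to replace a wearing component before its wear limit, can be made concrete with a small calculation. The following is an added example, not part of the patent text and not code from the applicant. It models the constant failure rate of electronics as a Weibull hazard with shape 1 and wear-out of a relay or contactor as a Weibull hazard with shape greater than 1, and it applies the B10d method of ISO 13849-1 (Annex C), in which the number of operations per year nop = dop × hop × 3600 / tcycle, the time to 10 % dangerous failures is T10d = B10d / nop, and MTTFd = B10d / (0.1 × nop). The B10d value, the operating profile and the 20-year mission time are constructed sample figures, not values taken from the page.

```python
"""Worked example (added, not from the patent): constant vs. wear-out
failure rate, and the ISO 13849-1 B10d check for a wearing switching element."""


def weibull_hazard(t, eta, beta):
    """Instantaneous failure rate h(t) of a Weibull distribution.

    beta == 1 gives a constant hazard 1/eta (the usual assumption for
    electronic components); beta > 1 gives a hazard that rises with age,
    which is how wear-out of relays, contactors and brakes is modelled.
    """
    if t < 0 or eta <= 0 or beta <= 0:
        raise ValueError("t must be >= 0 and eta, beta must be > 0")
    if beta == 1:
        return 1.0 / eta  # constant: a new and an old unit carry the same risk
    return (beta / eta) * (t / eta) ** (beta - 1)


def operations_per_year(d_op, h_op, t_cycle_s):
    """nop per ISO 13849-1 Annex C: operating days/year, hours/day, cycle time in s."""
    return d_op * h_op * 3600.0 / t_cycle_s


def t10d_years(b10d, nop):
    """Years until 10 % of a population has failed dangerously (T10d = B10d / nop)."""
    return b10d / nop


def mttfd_years(b10d, nop):
    """Mean time to dangerous failure for a B10d-rated component (B10d / (0.1 * nop))."""
    return b10d / (0.1 * nop)


def replacement_required(b10d, nop, mission_time_years=20.0):
    """True if the wear limit (T10d) would be reached within the mission time.

    ISO 13849-1 requires the component to be replaced at T10d if that is
    earlier than the intended mission time; otherwise it may stay in service.
    """
    return t10d_years(b10d, nop) < mission_time_years


def assess_contactor(b10d, d_op, h_op, t_cycle_s, mission_time_years=20.0):
    """Bundle the ISO 13849-1 figures for one operating profile into a dict."""
    nop = operations_per_year(d_op, h_op, t_cycle_s)
    return {
        "nop": nop,
        "T10d_years": t10d_years(b10d, nop),
        "MTTFd_years": mttfd_years(b10d, nop),
        "replace_before_mission_end": replacement_required(b10d, nop, mission_time_years),
    }


if __name__ == "__main__":
    # Constructed sample values (hypothetical): a contactor with B10d = 2,000,000
    # cycles, operated 365 d/a, 24 h/d, once per minute (60 s) vs. once per 10 min.
    B10D = 2_000_000
    fast = assess_contactor(B10D, 365, 24, 60)
    slow = assess_contactor(B10D, 365, 24, 600)
    print("1 cycle/min :", fast)   # T10d ~ 3.8 a -> must be replaced before 20 a
    print("1 cycle/10min:", slow)  # T10d ~ 38 a -> wear limit not reached in 20 a

    # Hazard comparison: electronics (beta = 1) vs. wearing contact (beta = 3).
    for t in (1.0, 5.0, 20.0):
        print(f"t={t:4.1f} a  constant={weibull_hazard(t, 10.0, 1.0):.3f}"
              f"  wear-out={weibull_hazard(t, 10.0, 3.0):.3f}")
```

The two operating profiles show the second option named in the text: the same contactor that must be replaced after a few years at one cycle per minute stays below its wear limit for the whole mission time when switched ten times less often, so the designer can either schedule replacement at T10d or limit the switching frequency.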
For the purposes of the present application, “diagnosis” is used in the sense of the IEC 61508 standard series.
In this standard series, “diagnosis” is understood to mean the use of automatic diagnostic tests for the identification of hazardous hardware failures in safety-related systems.