Safety Specifications (preliminary)¶
Stop Categories¶
Depending on the safety function, the modular robot can perform two kinds of stopp-categories (according to IEC 60204-1). They are described in the following table
| Stop Category | Description |
| 0 (SS0) | immediately cutting the power connection to the servo drives |
| 1 (SS1) | robot is stopped in a controled manner, after 300 ms the power connection to the servo drives is cut. |
Safety Functions¶
The safety functions are there to control the robot. They aim to decrease risks opposed by the robot system. The following safety functions are implemented:
- SF0: Emergency Stop
- SF1: Safeguard Stop
- SF2: Safeguard Stop with optional Automatic Reset
- SF3: Three Position Enabling Device
- SF4: Mode Selection
- SF5: Robot Stop Output
SF0: Emergency Stop¶
Description: Pressing the Estop PB on the hand-held device or, if used, the external Estop results in a category 1 stop according to IEC 60204-1 (NFPA79). After release of the Emergency Stop the reset button has to be pressed to re-enable operation.
performance level and structure category: PL d, cat 3
SF1: Safeguard Stop¶
Description: Same functionality as SF0 but for connecting external safety devices as light curtains or door switches or connecting an external safety device. After release of the Safeguard Stop the reset button has to be pressed to re-enable operation. This function is only active in automatic mode (see SF4). OSSD is not required but tolerated. In case no external safety devices are connected, the safety function can be disabled by bridging it with two jumper wires.
performance level and structure category: PL d, cat 3
SF2: Safeguard Stop with Optional Automatic Reset¶
Description: Same functionality as SF1 but without the requirement of a manual restart. After release of the Safeguard Stop with Automatic Reset no external reset signal is needed, the robot resumes operability automatically. This function is only to be used with suitable safety devices like lidar scanners or an external safety device. This function is only active in automatic mode (see SF4). OSSD is not required but tolerated. In case no external safety devices are connected, the safety function can be disabled by bridging it with two jumper wires.
performance level and structure category: PL d, cat 3
SF3: Three Position Enabling Device¶
Description: When the three position switch is not held in its middle position, an Emergency Stop (SF0) is active. This Function is only active in Set-up mode (see SF4).
performance level and structure category: PL d, cat 3
SF4: Mode Selection¶
Description: If the mode switch is set to Set-up mode the programming / teaching mode is selected (i.e. SF1 and SF2 are disabled, SF3 is enabled). If the mode switch is set to automatic mode, the operation mode is selected (i.e. SF1 and SF2 are enabled, SF3 is disabled). When switching between modes, an Emergency Stop (SF0) is triggered. A key switch is used to only allow authorised persons to switch between modes. The switch can be locked in both positions.
performance level and structure category: PL d, cat 3
SF5: Robot Stop Output¶
Description: If there is an Estop (SF0) or Safeguard Stop (SF1 or SF2) condition, the dual outputs are Low. Otherwise the redundant outputs are high.
performance level and structure category: PL d, cat 3
Reactions of the Safety System¶
The safety system is acting by observing its state and the state of its inputs, eg. whether a safety stop was triggered. The safety system reacts the following way:
| Source | Reaction |
| triggering a safety function (SF0 to SF4) | stop category 1 |
| error detection | stop category 0 |
In order to reenable the robot after it has stopped, pressing the reset button is necessary. A flashing reset button indicates that all safety functions are satisfied and the robot can be activated by pressing the reset button. The reset button then changes to a steady light, indicating that the safety functions and the robot are set active. A non-lit reset button indicates that the robot is not activated and in its safe state.
Modes of Operation¶
The robots safety system knows two modes: Set-up mode and automatic mode.
Set-up mode: Set-up mode can be used for teaching a new robot task. In this mode, the external safety inputs (SF1 and SF2) are disabled, the three position enabling device (SF3) is enabled. In this mode the user must stay clear of the working area of the robot.
Automatic mode: Automatic mode is selected for automatic operation of the robot. The external safety inputs (SF1 and SF2) are enabled, the three position enabling device (SF3) is disabled. Suitable safety sensors must be connected to the safety inputs in order to reduce risks according to the performed risk assessment.
Furthermore, within automatic mode the second external safety input can be set to automatic reset mode. This can be done by inserting a wire bridge at the safety inputs/outputs panel.