Engineering Notes by Oriental Motor

Built-in STO Function Simplifies Safety

[fa icon="calendar"] Sep 30, 2020 9:01:48 PM / by Johann Tang

Johann Tang

STO, or "Safe Torque Off", is a dedicated, built-in safety circuit function that makes safety easier to manage for motion devices, such as a robot.  It is part of the overall safety system.

How STO function is  used

First introduced with servo motor drivers, an STO circuit is a dedicated function of the driver that prevents unintended motor motion.  This is useful in preventing injuries to operators working near a robot or a machine.  The benefits from using a driver with built-in STO function is that it can reduce peripheral equipment, simplify wiring, and save space.

 

Benefits of a Built-in STO Function:

  • Reduce peripheral equipment
  • Simplifies wiring
  • Saves space

 

In recent years, the STO function has also been adopted by stepper motor drivers as well as variable frequency drives for 3-phase AC motors.  Oriental Motor's AZ series AC-input stepper motor drivers now offer this certified safety function to make safety easier.  The AZ series STO function meets the requirements of IEC 61800-5-2 and IEC 60204-1 (Stop Category 0).

Circuit terminal on AZ series driver

How Does It Work?

Look at the above CN1 connector terminal and where the bottom two blue jumper wires are.  These terminals are labelled HWTO1+, HWTO1-, HWTO2+, and HWTO2-.  When integrating to an external safety system, these blue jumper wires would be replaced with wires that connect to the external safety system.  However, if an open circuit is detected in the STO circuit during operation, it will forcibly remove power from the motors and prevent unintended motion.

Is It Really Necessary?

When designing an equipment, the manufacturer (OEM) needs to run a risk assessment in order to state the level of safety for the equipment.  If the existing design does not meet a safety standard, additional protective devices must be added.  A safety system can include multiple motor drivers and other devices connected to the circuit, such as switches or buttons.

There is no absolute, guaranteed safety for robots or machinery.  Every machine will eventually fail, and human beings are not perfect all the time.  Design engineers need to implement a safety system that can guarantee an accepted chance of unintended motion from the motor when stopped.  This chance, or frequency of occurrence, is defined by the safety integrity level, or safety index.  This will be covered later in this post.

How Does It Help?

Differences with or without driver with built-in safety function

When a driver without a built-in STO safety function is used, additional contactors are necessary to cut off power to the driver and motor.  When an AZ series driver with a built-in STO safety function is used, no contactors are required, and the power to the motor is cut off directly.  By using an AZ series driver, wiring can be reduced and space is saved.  

The STO safety circuit function is designed to be used after the motors are already in a stopped state.  It is not intended to be used as an E-STOP (Emergency Stop) during normal operation.  To connect safety-related equipment for additional measures, use the EDM output (from the STO circuit).

 

TIP : is it better to use STO vs inputs such as C-OFF and FREE to turn off motor current?
Yes.  The STO circuit essentially bypasses the contactors and disconnects the motor from its power directly.  This effectively removes any chance of the motor unintentionally starting while it's stopped.  The C-OFF and FREE inputs do offer the same function in turning the motor current off, but the difference is how fast they can do it.  The STO circuit skips the I/O circuits and cuts off power to the motor directly, so it's considered faster and safer.  Remember, the goal is to prevent unexpected movement as quickly as possible.

 

Safety Index

To aid the OEMs in their product selection, device manufacturers may provide a "functional safety" specification based on the following regulatory standards.  The umbrella standard, or the main standard, is the IEC 61508, then there are more specific sub-standards.  The machine standard specified by IEC, IEC 62061, is designated for SIL.  The machine standard specified by ISO, ISO 13849, is designated for PL.  SIL and PL are categorized safety standards as specified by either IEC or ISO.

For SIL (Safety Integrity Level) and PL (Performance Level), the range of these safety ratings overlap a little, but they are pretty similar.  For example, a safety system rated for SIL 2 is the same as PL d.

Safety integrity level - SIL, PL

The safety level of the equipment is determined by the designer.  For example, for a large robotic facility, a large robot can potentially kill if it moves unexpectedly while an operator is working near it.  Think of the centrifuge that astronauts use to train themselves with G forces at NASA.  Imagine if someone was servicing a part of the machine, and it unexpectedly starts. 

For large robots, a SIL 3 or PL e safety rated product would be best.  A motor driver that's rated for SIL 3 or PL e may have one failure event happen in 1,140 to 11,400 years (estimated).

AZ STO safety level - SIL 3, PL e

Emergency Stop Category

Stop categories are also defined by regulatory standards.  In this case, they're defined in IEC 60204-1.  Stop Category 0 equates to pulling the plug to the motor.  Stop Category 1 brings motors to a controlled stop, then pull the plug.  Stop Category 2 brings motors to a controlled stop and then keep power on.

  • Stop Category 0 - stopped by an uncontrolled stop and immediate removal of power
  • Stop Category 1 - stopped by a controlled stop with power, then remove power when stopped
  • Stop Category 2 - stopped by a controlled stop with power, then leave the power on

The STO function from the AZ series drivers is directly related to Stop Category 0 as defined by IEC 60204-1.  Under Stop Category 0, a motor is stopped by forced and immediate removal of power to the machine actuators, such as an uncontrolled stop (no deceleration).  

Other similar acronyms for similar safety functions are SS1 (Safe Stop 1), SS2 (Safe Stop 2), SOS (Safe Operation Stop), SSE (Safe Stop Emergency), and SBC (Safe Brake Control).  Out of these, only STO is rated for Stop Category 0, SS1 is rated for Stop Category 1, and SS2 is rated for Stop Category 2.

Safety Standards and Applicable Products

The applicable standards for the STO circuit are IEC 61800-5-2, EN 61800-5-2, IEC 61508-1, EN 61508-1, IEC 61508-2, EN61508-2, IEC 62061, EN 62061, ISO 13849-1, and EN/ISO 13849-1.  The STO function of the AZ series driver is rated for SIL 3 and PL e (Category 3).

The STO circuit is a built-in function of AZ series drivers including built-in controller type, pulse input type with RS-485 communication, and pulse input type.  

AZ series safety standards, applicable products

Here are the safety parameters for the AZ series drivers with built-in STO circuit function.  The average frequency of a dangerous failure per hour (PFH = 2.96x10^-9).  The safety integrity level is SIL 3.  The performance level is PL e, and the stop category is 0.  This is better than some other STO functions offered in the industry.

Safety parameters of the AZ series STO function

The STO circuit function should not be used for an emergency stop to stop the motors.  It is designed to be used after motion have ceased completely.  Once this happens, activating the STO circuit would ensure that power is cut off from the motor thus keeping operators safe while they service a robot or machine.  If emergency stop is necessary, please wire a button as part of the external safety equipment.

 

AZ series driver and absolute stepper motor with TUV

The AZ series AC-input drivers with built-in STO circuit function is certified by TÜV SÜD Product Service GmbH and can be used with any AZ series AC-input stepper motors, linear actuators, and rotary actuators.  Once the motor or actuator is connected, the driver automatically adjusts its internal settings to match the motor (or actuator).  Don't forget the RGB100 regeneration resistor accessory to prevent damage to the drivers due to regenerative voltage.  

For additional info about the STO function, please refer to the AZ series "functions" manual, or contact us for details.

AC Input AZ Series Drivers

Meet the Family

Thank you for reading.  Please subscribe to receive new posts.

 

Topics: Stepper Motors, Absolute Positioning, Alphastep Hybrid Control, Linear & Rotary Actuators

Johann Tang

Written by Johann Tang

Johann Tang is a Product Specialist at Oriental Motor USA Corp. with over 15 years of knowledge and experience supporting applications of various types of electric motors, gearheads, actuators, drivers, and controllers.