Safety At122 en P

Application Technique
Safety Function: Safety Mat Stop

Products: Guardmaster Dual-input Safety Relay, 440F Safety Mats with E-stop
Safety Rating: CAT. 3, PLd to EN ISO 13849-1: 2008
2 Safety Function: Safety Mat Stop
Important User Information

Read this document and the documents listed in the additional resources section about installation,
configuration, and operation of this equipment before you install, configure, operate, or maintain this
product. Users are required to familiarize themselves with installation and wiring instructions in addition
to requirements of all applicable codes, laws, and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and
maintenance are required to be carried out by suitably trained personnel in accordance with applicable
code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the
equipment may be impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential
damages resulting from the use or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the
many variables and requirements associated with any particular installation, Rockwell Automation, Inc.
cannot assume responsibility or liability for actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits,
equipment, or software described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell
Automation, Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can

cause an explosion in a hazardous environment, which may lead to personal
injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can

lead to personal injury or death, property damage, or economic loss. Attentions
help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT Identifies information that is critical for successful application and understanding
of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a

drive or motor, to alert people that dangerous voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive
or motor, to alert people that surfaces may reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a
motor control center, to alert people to potential Arc Flash. Arc Flash will cause
severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow
ALL Regulatory requirements for safe work practices and for Personal Protective
Equipment (PPE).
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Safety Function: Safety Mat Stop 3
General Safety Information
Contact Rockwell Automation to find out more about our safety risk assessment
services.
IMPORTANT This application example is for advanced users and

assumes that you are trained and experienced in safety
system requirements.
ATTENTION: Perform a risk assessment to make sure all
task and hazard combinations have been identified and
addressed. The risk assessment can require additional
circuitry to reduce the risk to a tolerable level. Safety circuits
must take into consideration safety distance calculations,
which are not part of the scope of this document.
Table of Contents
Important User Information ....................................................................................... 2
General Safety Information ....................................................................................... 3
Introduction ............................................................................................................... 3
Safety Function Realization: Risk Assessment ......................................................... 4
Safety Mat Safety Function ....................................................................................... 4
Safety Function Requirements .................................................................................. 4
Functional Safety Description ................................................................................... 5
Bill of Material ........................................................................................................... 6
Setup and Wiring ...................................................................................................... 6
Installation................................................................................................................. 7
Safety Distance Calculation ...................................................................................... 8
Configuration ............................................................................................................ 9
Calculation of the Performance Level...................................................................... 10
Verification and Validation Plan............................................................................... 16
Additional Resources .............................................................................................. 22
Introduction
This safety function application technique explains how to wire and configure a
Guardmaster® dual-input safety relay (GSR DI) to monitor a pair of 440F safety mats
and an E-stop. When someone steps on the safety mat, presses the E-stop, or a
fault is detected in the monitoring circuit, the GSR DI de-energizes the final control
devices, in this case, a pair of 100S safety contactors. E-stops are required in most
applications. Safety systems requiring both a sensing device, like a safety mat, and
E-stop combination are common. The dual-input relay makes this easy to implement
in a single safety-relay.

Safety Function Realization: Risk Assessment
The required Performance Level (PLr) is the result of a risk assessment and refers to
the amount of the risk reduction to be carried out by the safety-related parts of the
control system. Part of the risk reduction process is to determine the safety functions
of the machine. In this application, the PLr by the risk assessment is Category 3,
Performance Level d (CAT. 3, PLd), for each safety function. A safety system that
achieves CAT. 3, PLd, or higher, can be considered control reliable. Each safety
product has its own rating and can be combined to create a safety function that
meets or exceeds the PLr.
From: Risk Assessment (ISO 12100)
1. Identification of safety functions
2. Specification of characteristics of each function
3. Determination of required PL (PLr) for each safety function
To: Realization and PL Evaluation
Safety Mat Safety Function

In this safety project, we use two safety mats and one E-stop. The safety project
described in this application has three safety functions:
• Safety-related stop initiation by stepping on a safety mat
• An emergency stop initiated by actuation of an E-stop button
This system executes a Stop Category 0 stop. Power is removed and hazardous
motion coasts to a stop.
Safety Function Requirements
A safety mat provides no physical barrier between personnel and hazardous motion.
Safety mats must extend a sufficient distance away from the hazardous motion such
that a person cannot reach the hazard before hazardous motion has stopped. In this
application, two 1000 mm x 1800 mm (39.4 in. x 70.9 in.) safety mats are placed
side-by-side, creating a single 2000 mm x 1800 mm (78.8 in. x 70.9 in.) monitored
area to be sure of an adequate distance. The distance is called the safety distance
and is addressed later in this application technique.

A person stepping on a safety mat causes the Guardmaster dual-input safety relay
(GSR DI) to stop hazardous motion by removing power to the motor. The first safety
mat is installed farthest from the hazardous motion and is stepped on more often
than the second safety mat, which is closest to the hazardous motion. The system
cannot be reset while a person is on the safety mat. Once the person has moved off
the safety mats, pressing and releasing the Reset button resets the GSR DI, closing
its safety contacts. Pressing the Start button provides power to the motor and
hazardous motion begins.
Pressing the E-stop button stops hazardous motion by removing power to the motor.
Releasing the E-stop button does not restart hazardous motion. Once the E-stop is
released, and any other faults are cleared, pressing and releasing the Reset button
resets the GSR DI. Pressing the Start button provides power to the motor and
hazardous motion continues. Faults at the safety mat, the E-stop, wiring, or the
GSR DI are detected before the next safety demand.
The Start/Stop button allows an operator to start and stop the motor for normal,
production purposes without involving any action by the safety system. A safety mat
or E-stop demand always stops hazardous motion and interrupts the start/stop
function.
The safety system described in this application technique is capable of connecting
and interrupting power to motors rated up to 9 A, 600V AC.
When the safety system is reset, the hazardous motion does not resume until a
secondary action occurs—the Start/Stop button in the circuit is pressed.
The safety contactors are switched each time the Start/Stop

IMPORTANT button is pressed, whether to restart after a safety demand or for
standard production purposes.
For purposes of this application technique, the safety functions stop the system once
an hour, 24 hours a day, 365 days a year, for a total of 8760 times a year, per safety
function.
The safety functions in this application technique each meet or exceed the
requirements for Category 3, Performance Level d (CAT. 3, PLd), per
EN ISO 13849-1 and control reliable operation per ANSI B11.19.
Functional Safety Description
Stepping on the safety mat stops and prevents the hazardous motion from restarting
until the person moves off the safety mat, the Guardmaster dual-input safety relay
(GSR DI) is reset, and the Start button is pressed.
Similarly, pressing the E-stop button stops and prevents hazardous motion from
restarting until the E-stop is released, the GSR DI is reset, and the Start button is
pressed.

Bill of Material
This application uses these products.
Cat. No. Description Quantity
440F-M2036BYNN Safety mat – yellow 1000 mm x 1800 mm (39.4 in. x 2
70.9 in.), 2-4.5 m (15 ft) 2-wire cables, exit out B
corners, no trim, no controller
440F-T3210 Standard, aluminum perimeter trim, 2 m (6.6 ft), 4
square end
440F-T3012 External corner perimeter trim 4
440F-T3220 Active uniting trim – 2 m (6.6 ft) length 1
800F-1YP8 800F 1-hole enclosure E-stop station, plastic, PG, 1
twist-to-release 60 mm (2.4 in.), non-illuminated, 1
N.O. contact, 2 N.C. contacts
400R-D22R2 Guardmaster dual-input safety relay, 2-dual channel 1
universal inputs, 1 N.C. contact, solid-state auxiliary
outputs
800FP-R611PX10 800F reset, round plastic, type 4/4 x /13, IP66, blue, 1
R, plastic latch mount, 1 N.O. contact, 0 N.C.
contacts, standard, standard pack (quantity 1)
800FP-U2E4F3PX11 800F 2-position momentary multi-function – red 1
plastic, type 4/4 x /13, IP65, position A – red exterior
push button, position C – green flush push button,
plastic latch mount, 1 N.O. contact, 1 N.C. contact,
standard, standard pack (quantity 1)
100S-C23EJ14BC MCS 100S-C safety contractor, 23 A, 24V DC with 2
electrical coil, bifurcated contact
Setup and Wiring

The safety mats have two separated, internal conductive plates, with each plate
representing a separate channel. S11 and S21 are run through a separate plate to
S42 and S32, respectively. When someone steps on a safety mat, the two internal
conductive plates are pressed together, creating a cross-fault between the two
channels. The Guardmaster dual-input safety relay (GSR DI) responds by opening
its two safety outputs. This removes 24V DC from the coils of the two safety
contactors whose contacts open, removing power to the motor. The motor coasts to
a stop (Stop Category 0).
The safety mat rebounds when the person steps off the safety mat, separating the
two internal conductive plates.
Safety mats are electro-mechanical devices and, as such, have no diagnostic
capabilities of their own. All diagnostics are provided by the GSR DI. A remote
possibility exists that the two plates do not make proper contact when the safety mat
is stepped on. To address this possibility, fault exclusion (FE) is included in the
following performance level calculations. Most electro-mechanical devices have a
possibility of a mechanical failure and require the inclusion of this FE in their
performance level calculations.

The E-stop is also an electro-mechanical device. Each N.C. contact represents a
separate channel. S11 and S21 are run through the two N.C. contacts of the E-stop
to inputs S12 and S22, respectively. When the E-stop is pressed and released, these
channels are interrupted. The GSR DI reacts by turning off its safety contacts,
removing power from the 100S contactor coils, removing 24V DC from the coils of
the two 100S contactors whose contacts open, removing power to the motor. The
motor coasts to a stop (Stop Category 0). A possibility exists that the single E-stop
actuator fails to open the E-stop’s N.C. contacts; therefore, an FE is included in the
E-stop performance level calculations although it is implemented differently than that
for the safety mats.
The GSR DI monitors the safety mat and the E-stop circuit for faults. Open circuit
faults, shorts to 24V DC, shorts to GND, contact-weld fault, and channel-cross faults
are detected. When a fault is detected, the relay responds by opening its
mechanically-linked safety contacts, removing 24V DC power from the 100S
contactor coils and thereby removing power to the motor. The motor coasts to a stop
(Stop Category 0).
Two N.C. contacts, one from each of the safety contactors, are connected in series,
as part of the reset circuit. The GSR DI can be reset only if both safety contactors
are in a properly de-energized state. If a safety contact weld closes, its
mechanically-linked N.C. contacts remain open and the GSR DI cannot be reset.
The GSR DI cannot be reset while the E-stop remains actuated or while a person
remains on a safety mat. Once the E-stop has been released and/or the person
moves off the safety mats, pressing and releasing the Reset button, a separate,
deliberate action, closes the GSR DI safety contacts. The Reset button must be
pressed for more than a quarter of a second and less than three seconds. Either a
shorter press or a longer press is ignored. The Start button can then be pressed to
continue hazardous motion.
The GSR DI checks itself for internal faults, faults on its inputs and wiring, and
monitors the safety contactors, via the contactors N.C. contacts, in the reset circuit.
No single fault results in the safety system failing to perform its safety function. A
single fault is detected before the next demand on the safety system. The system
cannot be reset until the fault is corrected.
Installation
For detailed information on installing and wiring, refer to the product manuals listed in
the Additional Resources.
A safety mat provides no physical barrier between personnel and hazardous motion.
The safety mat must be installed at a sufficient distance from the hazardous motion
to be sure that a person walking toward the hazardous motion cannot reach the
dangerous motion before it has stopped. This distance is referred to as the safety
distance.

Safety Distance Calculation
The safety distance calculations in the application technique are
IMPORTANT only for illustration purposes. Actual stopping time vary according
to the specifics of any actual application.
The safety distance (S) required varies from installation to installation and, therefore,
must be calculated for each specific application. This application technique uses the
formula taken from EN ISO 13856-1.
S = (K * T) + C
Symbol Value
K The standard approach speed of 1600 mm/s (63 in./s).
T Stopping time
In this case, the stopping time is the summation of the following:
• Stopping time of the hazardous motion (Ts)
• Response time of the safety relay
• Response time of the safety contactors (Tc)
C Distance a standard hand could possibly move toward the hazard before the
safety mat is stepped on. 1200 mm (47.25 in.)
In this application technique example, these are the values:
K 1600 mm/s (63 in./s) (taken from EN ISO 13856-1)
Ts 250 ms (measured by the user or from the machine maker documents in any
actual application)
Tc 55 ms (40 ms [DI] + 15 ms [K1/K2]) taken from the product documentation)
C 1200 mm (47.25 in.) (taken from the product documentation)
S = (1600 * 0.305) + 1200 mm (47.25 in.) = 1688 mm (66.5 in.)
The edge of the safety mat farthest from the hazardous motion must be mounted no closer
than 1688 mm (66.5 in.) from the hazardous motion.
In this application, two 1000 mm x 1800 mm (39.4 in. x 70.9 in.) safety mats are placed
side-by-side, creating a single 2000 mm x 1800 mm (78.8 in. x 70.9 in.) monitored area to be
sure of an adequate distance.

Electrical Schematic
24V DC SUPPLY 24V DC COM
Status
to PLC
E-stop LOGIC
Status
to PLC
White White White
Black
Black Black
Reset
Status
to PLC
Start Stop
Status
to PLC
Status
to PLC

Configuration
Follow these steps to sets the function of the device.
LOGIC
1. To start configuration/overwrite, with the power off, turn
the rotary switch to position 0.
The unit powers up. After the power-up test, the PWD
status indicator flashes red.
2. To set the configuration, turn the rotary switch to

position 2. LOGIC
LOGIC 2 = L12 or (IN1 and IN2)
The IN 1 LED status indicator blinks for the new

setting.
Position is set when the PWR status indicator is solid
green.
3. Lock-in the configuration by cycling unit power.

4. Confirm the configuration before operation.
5. Record the unit setting in the white space on the face of the device.
Calculation of the Performance Level

The required Performance Level (PLr) from the risk assessment for each safety
function of this project is Performance Level d (PLd). When properly implemented,
each safety mat safety function described here can achieve Category 3 (CAT. 3,
PLd), according to EN ISO 13849-1: 2008, as calculated by using the SISTEMA
software PL calculation tool.
When properly configured, the E-stop safety function described here can achieve
CAT. 3, PLe, according to EN ISO 13849-1: 2008, as calculated by using the
SISTEMA software.
Calculations are based on each safety function being operated once an hour, 24
hours a day, 365 days a year for a total of 8760 safety operations a year, per safety
function.
The SISTEMA project for this application example verifies that all three safety
functions can achieve the required PLr or better.

The safety mat #1 safety function is represented below.
FAULT
INPUT EXCLUSION LOGIC OUTPUT
(FE)
100S
K1
Safety Mat
Safety Mat
#1 GSR DI
#1
(FE)
100S
K2
Safety Mat #1 Safety Function Input Subsystem
Safety Mat #1 Safety Function Fault Exclusion Subsystem

This addresses the remote possibility that the two plates do not make proper contact
when a person steps on the safety mat.

Safety Mat #1 Safety Function Logic Subsystem
Safety Mat #1 Safety Function Output Subsystem
Safety Mat #1 Safety Function Overall
The safety mat #2 safety function is represented below.
FAULT
INPUT EXCLUSION LOGIC OUTPUT
(FE)
100S
K1
Safety Mat
Safety Mat
#2 GSR DI
#2
(FE)
100S
K2

Safety Mat #2 Safety Function Input Subsystem
Safety Mat #2 Safety Function Fault Exclusion Subsystem

This addresses the remote possibility that the two plates do not make proper contact
when a person steps on the safety mat.
Safety Mat #2 Safety Function Logic Subsystem
Safety Mat #2 Safety Function Output Subsystem
Safety Mat #2 Safety Function Overall

The E-stop safety function is represented below.
INPUT LOGIC OUTPUT
100S
K1
E-stop
FE GSR DI
Included
100S
K2
E-stop Safety Function Input Subsystem
In this case, the fault exclusion (FE) is selected in the Mean Time to Failure,
dangerous (MTTFd) section. E-stops are the most common safety input device. The
typical, almost universal, possibility of mechanical failure is recognized and widely
accepted. In this case, the FE is addressed in this manner; however, it could also
have been entered as a separate subsystem as was performed for the safety mats.
E-stop Safety Function Logic Subsystem

E-stop Safety Function Output Subsystem
E-stop Safety Function Overall
Because these are electro-mechanical devices, the safety mats and the safety
contactors data includes the following:
• MTTFd
• Diagnostic Coverage (DCavg)
• CCF
Electro-mechanical devices’ functional safety evaluations include the following:
• How frequently they are operated
• Whether they are effectively monitored for faults
• Whether they are properly specified and installed
SISTEMA software calculates the MTTFd by using B10d data provided for the
contactors along with the estimated frequency of use, entered during the creation of
the SISTEMA project.
The DCavg (90%) for the safety mats was based on the Guardmaster dual-input
safety relay being configured to interpret a cross-channel wiring/shorting fault as a
normal step on a safety mat, not as a fault and a no-channel welded-closed fault. An
actual cross-channel wiring and/or short fault trips the relay, sending the system to a
safe de-energized state. That system does not reset until the cross-channel fault is
corrected.
The DCavg (99%) for the E-stop was selected from the Input Device table of
EN ISO 13849-1 Annex E, Cross Monitoring.

Verification and Validation Plan

Verification and validation play important roles in the avoidance of faults throughout
the safety system design and development process. EN ISO 13849-2 sets the
requirements for verification and validation. The standard calls for a documented
plan to confirm all of the safety functional requirements have been met.
Verification is an analysis of the resulting safety control system. The Performance
Level (PL) of the safety control system is calculated to confirm that the system meets
the required Performance Level (PLr) specified. The SISTEMA software is typically
used to perform the calculations and assist with satisfying the requirements of
EN ISO 13849-1.
Validation is a functional test of the safety control system to demonstrate that the
system meets the specified requirements of the safety function. The safety control
system is tested to confirm that all of the safety-related outputs respond
appropriately to their corresponding safety-related inputs. The functional test
includes normal operating conditions in addition to potential fault injection of failure
modes. A checklist is typically used to document the validation of the safety control
system.
Prior to validating the Guardmaster Safety Relay (GSR) system, confirm that the
Guardmaster safety relay has been wired and configured in accordance with the
installation instructions.

Safety Mat and E-stop Safety Function Verification and Validation Checklist
General Machinery Information
General Machinery Information
Machine Name/Model Number
Machine Serial Number
Customer Name
Test Date
Tester Name(s)
Schematic Drawing Number
Guardmaster Safety Relay Model
Safety Wiring and Relay Configuration Verification
Test Step Verification Pass/Fail Changes/Modifications
1 Visually inspect the safety relay circuit to verify that it is
wired as documented in the schematics.
2 Visually inspect the safety relay’s configuration switch to
verify that the settings are correct as documented.
Normal Operation Verification - The safety system properly responds to all normal Start, Stop, Reset,
Safety Mat, and E-stop inputs.
1 Confirm that there is nothing on a safety mat.
2 Confirm the E-Stops are released.
3 Confirm the motor is stopped.
4 Apply power to the safety system.
5 Confirm that the motor does not start on power up.
6 Confirm that the PWR/Fault, IN1, and IN2 status
indicators of the safety relay are green.
7 Confirm that the OUT status indicator of the safety relay
blinks green.
8 Press and release the Reset button. The OUT status
indicator of the safety relay turns steady green. The
motor does not start.
9 Press the drive Start button to start the motor. The
safety contactors energize, the motor starts.
10 Press the drive Stop button to stop the motor. The
safety contactors de-energize. The motor coasts to a
stop. The safety relay does not trip.
11 Press the Start button to start the motor.
12 While watching the hazardous motion, step on safety
mat #1. The safety system trips. The IN1, IN2, and OUT
status indicators turn off. The motor coasts to a stop.

Safety Mat and E-stop Safety Function Verification and Validation Checklist (continued)
Normal Operation Verification - The safety system properly responds to all normal Start, Stop, Reset,
Safety Mat, and E-stop inputs. (continued)
13 While you remain on the safety mat #1, the IN1, IN2, and
OUT status indicators remain off. Press and release the
Reset button. The OUT status indicator of the safety
relay remains off. The motor does not start.
14 Step off of the safety mat #1. The IN1 and IN2 status
indicators turn on and remain on. The OUT status
indicator blinks green.
17 Repeat steps 1…16 for safety mat #2.
18 Press the E-stop. The safety system trips. The IN1 and
OUT status indicators turn off. The motor coasts to a
stop.
19 Leave the E-stop pressed. The IN1 status indicator
remains off. Press and release the Reset button. The
OUT status indicator of the safety relay remains off. The
20 Release the E-stop. The IN1 status indicator turns on and
remains on. The OUT status indicator blinks green.
Abnormal Operation Validation - The safety relay system properly responds to all foreseeable faults
with corresponding diagnostics.
E-stop Input Tests – Guardmaster Dual-input Safety Relay
Test Step Verification and Validation Pass/Fail Changes/Modifications
1 While the motor is running, remove the E-stop input wire
at terminal S12 of the safety relay. The safety relay
immediately trips, de-energizing the safety contactors
and the motor coasts to a stop. The IN1 and OUT status
indicators turn off.
2 Reconnect the wire to S12. The safety relay does not
respond. Press and release the Reset button. The safety
relay does not respond.
3 Cycle the E-stop button. The IN1 status indicator is on
and the OUT status indicator blinks. Press and release
the Reset button. The OUT status indicator is steady on.
4 Press the Start button. The safety contactors energize
and the motor starts to run.
5 While the motor is running, jump the E-stop input wire at
terminal S11 to terminal S12 of the safety relay. The
safety relay does not trip.
6 Press the E-stop. The safety relay immediately trips. The
IN1 and OUT status indicators turn off.

with corresponding diagnostics. (continued)
E-stop Input Tests – Guardmaster Dual-input Safety Relay (continued)
7 Release the E-stop. Press and release the Reset button.
The safety relay does not respond.
8 Remove the jumper from S11 to S12. Press and release
the E-stop. The IN1 status indicator is on and the OUT
status indicator blinks. Press and release the Reset
button. The OUT status indicator is steady.
10 Repeat steps 1…8 to test E-Stop channel 2. Use S21 in
place of S11 and S22 in place of S12.
11 Briefly short the E-stop input wire at terminal S12 of the
safety relay to 24V DC. The safety relay immediately
trips. The PWR/Fault status indicator is steady red. All
other status indicators are off.
12 Press and release the Reset button. The safety relay
does not respond.
13 Cycle power to the safety relay. Confirm that the
PWR/Fault, IN1, and IN2 status indicators of the safety
relay are green. Confirm that the OUT status indicator
blinks green. Press and release the Reset button. The
OUT status indicator turns steady green.
safety relay to 0V DC. The safety relay immediately trips.
The PWR/Fault status indicator is steady red. All other
status indicators are off.
does not respond.
17 Briefly short the E-stop terminal S12 to terminal S22 of
the safety relay. The safety relay immediately trips. The
PWR/Fault status indicator is steady red. All other status
indicators are off.
does not respond.

with corresponding diagnostics.
Safety Mat Input Tests - Guardmaster Dual-input Safety Relay
1 While the motor is running, remove the safety mat input
wire at terminal S42 of the safety relay. The safety relay
immediately trips, de-energizing the safety contactors
and the motor coasts to a stop. The IN1, IN2, and OUT
status indicators turn off.
2 Reconnect the wire to S42. The safety relay does not
respond. Cycle power to the safety relay. The
PWR/Fault, IN1, and IN2 status indicators are on. The
OUT status indicator blinks green. Press and release the
Reset button. The OUT status indicator turns steady
green.
4 While the motor is running, briefly short the E-stop input
wire at terminal S42 of the safety relay to 24V DC. The
safety relay immediately trips, de-energizing the safety
contactors and the motor coasts to a stop. The
PWR/Fault status indicator turns steady red. The OUT
status indicator is off. The IN1 and IN2 status indicators
are on.
5 Press and release the Reset button. The safety system
does not respond.
safety relay to 0V DC. The safety relay immediately trips,
de-energizing the safety contactors. The motor coasts to
a stop. The PWR/Fault status indicator is steady red. All
other status indicators are off.
does not respond.
10 Repeat steps 1…9 to test the safety mat #1 of channel 2.
Use S32 in place of S42

Safety Logic - Guardmaster Dual-input Safety Relay Tests
Test Step Validation Pass/Fail Changes/Modifications
1 While the system is running, turn the logic rotary switch
on the safety relay from the proper 2 to 4. The motor
keeps running. The PWR/Fault status indicator blinks
red/green twice, then goes steady green for a moment
and then repeats the cycle.
2 Step on and off a safety mat. The system trips and the
motor comes to a stop. The PWR/Fault status indicator
blinks red/green twice, then goes steady green for a
moment and then repeats the cycle. The OUT status
indicator blinks, requesting a reset.
indicator turns steady green indicating that the safety
relay has reset. The PWR/Fault status indicator blinks
red/green twice, then goes steady green for a moment
and then repeats the cycle.
4 Press the Start button. The motor starts. The PWR/Fault
status indicator blinks red/green twice, then goes steady
green for a moment and then repeats the cycle.
5 Set the rotary switch back to 2. After a moment, the
PWR/Fault status indicator turns steady green.
Safety Output - Contactor Tests
1 Power up the safety system. Confirm that there is nothing
on the safety mats and that the E-stops are released.
Press and release the Reset button to start/reset the
safety relay. Press the Start button. The motor starts.
2 While the motor is running, remove the wire from terminal
S34 of the safety relay. The motor keeps running.
3 Step on and off a safety mat. The system trips, stopping
the motor.
does not reset. The OUT status indicator keep blinking
green.
5 Restore the connection to terminal S34. Press and
release the Reset button. The safety relay resets and the
OUT status indicator is steady green.
6 Press the Start button. The motor starts.
7 While the motor is running, remove the wire from terminal
S34 of the safety relay. Connect S34 to the 24V DC
COM. The motor keeps running.
8 Step on and off a safety mat. The system trips, stopping
the motor.
does not reset and the OUT status indicator keeps
blinking green.
10 Remove the connection to 24V DC COM. Restore the
original connection to terminal S34. Press and release
the Reset button. The safety relay resets and the OUT
status indicator is steady green.
11 Press the Start button. The motor starts.

Additional Resources
These publications contain additional information concerning related products from
Rockwell Automation.
Resource Description
Guardmaster Safety Relays Safety Provides information on the safety applications
Applications and Wiring Diagrams, and wiring guides for the Guardmaster Safety
publication SAFETY-WD001 Relays.
Next Generation Guardmaster Safety Provides information on the functionality of the
Relays, publication EUSAFE-BR009 Guardmaster safety relays.
Guardmaster Safety Relay SI Provides guidance on installing and operation
Installation Instructions, publication Guardmaster safety relays.
440R-IN042
See the Knowledgebase Answer ID Provides guidance on troubleshooting a 440F
548370 at safety mat.
http://rockwellautomation.custhelp.com
Safety Products Catalog, publication Provides an overview of products, product
S117-CA001 specifications, and application examples.
You can view or download publications at

http://www.rockwellautomation.com/literature. To order paper copies of technical
documentation, contact your local Allen-Bradley distributor or Rockwell Automation
sales representative.
For more information on

Safety Function Capabilities, visit:
discover.rockwellautomation.com/safety
Rockwell Automation, Allen-Bradley, Rockwell Software, Guardmaster, and LISTEN.THINK.SOLVE. are trademarks of Rockwell Automation, Inc. Trademarks not
belonging to Rockwell Automation are property of their respective companies.
Publication SAFETY-AT122A-EN-P – December 2013

Copyright © 2013 Rockwell Automation, Inc. All rights reserved. Printed in U.S.A.

Safety At122 en P

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Safety At122 en P

Uploaded by

Copyright:

Available Formats

Application Technique

Safety Function: Safety Mat Stop

Important User Information

WARNING: Identifies information about practices or circumstances that can

ATTENTION: Identifies information about practices or circumstances that can

Labels may also be on or inside the equipment to provide specific precautions.

SHOCK HAZARD: Labels may be on or inside the equipment, for example, a

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

IMPORTANT This application example is for advanced users and

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

From: Risk Assessment (ISO 12100)

1. Identification of safety functions

2. Specification of characteristics of each function

3. Determination of required PL (PLr) for each safety function

To: Realization and PL Evaluation

Safety Mat Safety Function

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

The safety contactors are switched each time the Start/Stop

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Setup and Wiring

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

24V DC SUPPLY 24V DC COM

White White White

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

2. To set the configuration, turn the rotary switch to

The IN 1 LED status indicator blinks for the new

3. Lock-in the configuration by cycling unit power.

Calculation of the Performance Level

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Safety Mat #1 Safety Function Input Subsystem

Safety Mat #1 Safety Function Fault Exclusion Subsystem

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Safety Mat #1 Safety Function Output Subsystem

Safety Mat #1 Safety Function Overall

The safety mat #2 safety function is represented below.

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Safety Mat #2 Safety Function Fault Exclusion Subsystem

Safety Mat #2 Safety Function Logic Subsystem

Safety Mat #2 Safety Function Output Subsystem

Safety Mat #2 Safety Function Overall

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

INPUT LOGIC OUTPUT

E-stop Safety Function Input Subsystem

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

E-stop Safety Function Overall

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Verification and Validation Plan

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013

You can view or download publications at

For more information on

Publication SAFETY-AT122A-EN-P – December 2013

You might also like