Safety PLC for rolling stock
Safety PLC for rolling stock
More reliability and safety
The requirements for rail vehicles of today and tomorrow grow constantly. Faster and faster connections must be made while maintaining a high passenger comfort. This is why, in their daily use, trains are subjected to very high stress, related to Environ-mentironmental, electrical and mechanical factors. This calls for higher and higher regulatory standards for rail vehicles.
ABB helps satisfy the high expectations towards the safety of the vehicles
ABB delivers reliable components, solutions and systems for rolling stock, always complying with the current standard requirements. Among others, these include:
− Safety Controller Pluto D20 Harsh Environment − Safety Controller Pluto D45 Harsh Environment
Using equipment on trains — what must
be taken into account
Rail vehicles must be specially equipped to be reliable within their respective areas and conditions of use. Examples of such areas and conditions include, among other things, the trains being primarily used in tunnels, or used at high speeds, or used as night trains with sleeping coaches. In providing trains with equipment, particular attention must be paid so the service life of the equipment is not shorter than the service interval of the rail vehicle. Further-more, the safety of passengers must be guaranteed, so that in the event of an emergency no additional hazard is created by defective electric equipment —an important aspect— especially if escape routes are limited, e.g. in tunnel systems.
ABB is a leading global independent supplier of innovative and reliable technology for rolling stock, railway operators and railway infrastructure operators. Using its all-encompassing business experience in energy and automation technology, ABB can offer reliable and cost-effective solutions for both these fields.
General standards for railway use
Fire protection and general electrotechnical requirements
Continous operation — in the most
extreme of conditions
Always on the move, despite heat, cold and humidity: the Environ-mentironmental conditions in which rail vehicles are used are gener-ally far more extreme than in an industrial plant. Their electronic components must correspondingly be completely vibration-proof, resistant to cold, dry and humid heat, and the resulting condensed water. Furthermore, as well as their electromagnetic compatibility, these devices must meet particularly high fire safety requirements. In the event of a fire, danger to people comes not only from the flames, but also from the smoke and poisonous vapors. Complete reliability under extreme conditions as well as a high degree of safety must be guaranteed. Nothing can be left to chance. All the components of a rail vehicle undergo numerous load tests before they are commissioned. Everything is tested and documented on the basis of safety standards and specifications.
The standards for electronic equipment used in and on rail vehicles – EN 50155 and IEC 60571
EN 50155 is the most important standard for electronic equipment used in and on rail vehicles. With the exception of local fire and smoke protection standards, this standard acts as an umbrella standard encompassing all the important electric and mechanical aspects. These include:
− the temperature according to EN 50125 − the humidity according to EN 50125 − the voltage supply according to EN 50155 − the insulation coordination according to EN 50124 − the electromagnetic compliance according to EN 50121 − the shock and vibration resistance according to EN 61373
The fire and smoke protection standard EN 45545
EN 45545-1 provides a classification of risks according to the categories of operation and design of train. The design of trains include four very different types of trains, e.g. standard vehicles and special trains with sleeping coaches. These trains can be operated in different categories. According to EN 45545-1, there are four such categories that depend on how many kilometers a route may lead through a tunnel or elevated section. A combination of these two criteria is decisive in classifying the hazard levels. A stan-dard vehicle that drives through a tunnel for less than a kilometer is classified as HL1. Below you will find a table that shows the hazard level that depends on the combination of the operation categories and the design categories.
Design categories
N A D S
Standard
vehicle Automated train without emergency trained crew Double decked vehicle Sleeping coach, 2-level or 1-level Operation categories 1 Tunnel < 1 km HL1 HL1 HL1 HL2 2 Tunnel < 5 km HL2 HL2 HL2 HL2 3 Tunnel > 5 km HL2 HL2 HL2 HL3
4 Train without side evacuation HL3 HL3 HL3 HL3
The Harsh Environment versions of Pluto safety PLC can be used on all trains up to hazard level HL3. The main criteria specified by EN 45545 include, among others, the oxygen index, which must be above 32%. For the Harsh Environment Plutos, this condition is met. Another critical aspect is the production of smoke, as well as the transparency and toxicity of the smoke. In the event of a fire, an opacity value of 150 guarantees that the smoke does not completely block the sight and the passengers can still orient themselves in the train.
Safety PLC Pluto D20 / D45 Harsh Environment
Standards for railway use
Pluto Harsh Environment. complies with the following railway standards
Climate resistance a) IEC 60068-2-1, Test A -25 °C to -40 °C
b) IEC 60068-2-2, Test B +55 °C to +70 °C
Relative air humidity IEC 60068-2-30, Test Db 90-100% at +25 °C to +55 °C
Environmentironment temperature EN 50155 temperature class T2
Tests according to standard EN 50155 ICE 60068-2-1 2007 Cold ICE 60068-2-2 2007 Dry heat ICE 60068-2-30 2005 Damp heat cyclic
Shock and vibration resistance a) IEC 60068-2-64 Random: 1.01 m/s²rms at 5—150 Hz for 10 min b) IEC 60068-2-64 Random long-life: 5.72 m/s²rms at 5—150 Hz for 5 h c) IEC 60068-2-27 Shock: 50 m/s² at 30 ms ±3 shocks
Tests according to standards EN 50155/IEC 61373 2010-05
Fire and smoke protection a) Hazard levels HL1 to HL3 according to EN 45545-2 b) Fire protection classes 1—4 according to DIN 5510-2 Tests according to standards EN 45545-1 and 2 / DIN 5510 Part 1 and 2
Standard references
The certificate is based on the following standards: Functional safety
EN 50155:2007 Railway Applications — Electronic equipment used on rolling stock
EN 50126-1:2006 Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 1: Basic requirements and generic process EN 50129:2003 Railway applications - Communication, signalling and processing systems - Safety related
electronic systems for signalling
EN 50128:2001 and 2011 Railway applications - Communications, signalling and processing systems - Software for railway control and protection systems
EN 45545-1:2013 Railway applications - Fire protection on railway vehicles - Part 1: General requirements EN 45545-2:2013 Railway applications - Fire protection on railway vehicles - Part 2: Requirements for fire
behavior of materials and components
EN 61373:2010 Railway applications — rolling stock equipment, shock and vibration tests
EN 60068-2-1:2007 Basic Environmentironmental testing procedures - Part 2: Tests - Test A: Cold EN 60068-2-2:2007 Environmentironmental testing - Part 2-2: Tests - Test B: Dry heat
EN 60068-2-30 Environmentironmental testing - Part 2: Tests - Test Db and guidance: Damp heat, cyclic (12 + 12 hour cycle)
Primary safety/EMC
EN 50124-1:2001 Railway applications - Insulation coordination - Part 1: Basic requirements - Clearances and creepage distances for all electrical and electronic equipment
EN 50121-1:2006 Railway applications - Electromagnetic compatibility - Part 1: General
EN 50121-4:2006 Railway applications - Electromagnetic compatibility - Part 4: Emission and immunity of the signalling and telecommunications apparatus
EN 50121-3-1:2006 Railway applications - Electromagnetic compatibility - Part 3-1: Rolling stock - Train and complete vehicle
EN 50121-3-2:2006 Railway applications - Electromagnetic compatibility - Part 3-2: Rolling stock - Apparatus EN 50125-1:1999 Railway applications - Environmentironmental conditions for equipment - Part 1: Rolling
stock and on-board equipment
EN 50125-3:2003 Railway applications - Environmentironmental conditions for equipment - Part 3: Equipment for
signalling and telecommunications
Application examples for the Pluto safety PLC
4
1
2
3
1
Locomotive
Pluto D20 Harsh Environment or Pluto D45 Harsh Environment
− Supervising brake systems
− Switch-off functions for brake systems
− Speed monitoring and control with rotary encoders (acceleration and braking functions)
− Measurement and monitoring functions − Monitoring of protection of high voltage area − Monitoring of pantograph position
− Emergency power supply monitoring
2
/
3
Passenger car
4
Dining car
Pluto D20 Harsh Environment or Pluto D45 Harsh Environment
− Door monitoring using Eden
− Door control, e.g. opening/closing and selection for opening doors on the right or left side of the vehicle
− Overheating protection − Supervising brake systems
− Switch-off functions for brake systems − Measurement and monitoring functions
Pluto safety PLC for a comprehensive concept
D20 / D45 Harsh Environment
Pluto D20 Safety PLC, Harsh Environment Pluto D45 Safety PLC, Harsh Environment
IDFIX-PROG 10k (2TLA020070R2600)
Pluto is a safety PLC concept with the All-Master key feature, which simplifies safety system design and complies with the highest safety level, PL e, according to EN ISO 13849-1 and SIL 3 according to EN 62061, IEC/EN 61508. It also complies with all the relevant parts of EN 50155.
Pluto is an All-Master system for dynamic and static safety circuits, in which the inputs and other data are distributed via the same bus. One input can be used to connect several safety sen-sors, while maintaining the highest safety level. Pluto offers inputs for every safety product on the market. The function of the inputs is defined via the Pluto Manager software that is supplied with the equipment. Apart from failsafe inputs (I), Pluto offers several failsafe relay and transistor outputs (Q).
On every Pluto, even more failsafe inputs, non-failsafe outputs or simultaneous input/outputs (IQ) be set up. The features are provided in a simple way in Pluto Manager. Up to 32 Plutos can be connected to the same Pluto bus, making Pluto able to man-age both small and large safety systems. As Pluto is an All-Master system, each Pluto unit can control its own outputs locally and read the inputs of other Pluto units as easily as its own. Gateways on the Pluto bus allow for data exchange with other systems.
Pluto D20 and D45 with analog inputs
Pluto D20 is equipped with 4, and Pluto D45 with 8 safe analog inputs (4—20 mA/0—10 V). These can be configured as either ordinary failsafe inputs or as analog inputs (0—10 V or 4—20 mA).
Counter inputs Pluto D45
In Pluto D45, four of its analog inputs can be configuredas counter inputs (pulse counting) for frequencies of up to 14,000 Hz. The counter inputs IA0—IA3 can be used in two ways (counting forwards or forwards/backwards).
IDFIX-PROG
With IDFIX-PROG 2k5 or 10k it is possible to save entire projects. IDFIX-PROG is an additional component for the Pluto safety PLC used primarily for models without safety bus. It makes sure that the program can be easily recovered, in case the Pluto should need to be replaced. This means that no laptop is required when replacing units on the rail vehicle, which can lower downtimes to a minimum.
Safety PLC Pluto D20 / D45 Harsh Environment
Technical data
Ordering data Pluto D20 Safety PLC, Harsh Environment 2TLA020070R6401 Pluto D45 Safety PLC, Harsh Environment 2TLA020070R6601 Power supply Operating voltage 24 V DC Voltage tolerance -30% +25%* Max. disconnection 20 msRecommended external fuse 10 A Total power consumption 7 A Own power consumption 500 mA
Electrical insulation Category II according to IEC 61010-1 Failsafe inputs (incl. counter inputs)
I0, I1, I2,.. + 24 V (for PNP sensors)
IQ10, IQ11,.. + 24 V (for PNP sensors) configurable also as non-failsafe outputs
Logical ‘1’ > 12 V
Logical ‘0’ < 8 V
Current at 24 V 5.1 mA
Max. overvoltage 27 V continuous
Analogue inputs (IA0-IA7)
Range 0…10 V / 4...20 mA
Contacts IA0, IA1, IA2, IA3, IA4, IA5, IA6, IA7
Resolution 12 bit
Precision
0—10 V: ±0.4 % of the entire range
4—20 mA: ±0.2 % of the entire range
Counter inputs (Pluto D45)
Maximum frequency 14 kHz at 50% load Failsafe outputs
Q2, Q3: Transistor, -24 V DC, 800 mA
<10 °C: 250 mA
Output voltage tolerance Supply voltage –1.5 V at 800 mA Q0, Q1, Q4, Q5: Relay AC-12: 250 V / 1.5 A
AC-15: 250 V / 1.5 A DC-12: 50 V / 1.5 A DC-13: 24 V / 1.5 A Non-failsafe outputs
IQ10, IQ11,.. Transistor +24 V (PNP open collector) configurable also as non-failsafe inputs Max. current/output: 800 mA
Max. total load: IQ10...17: IQ20..27:
2 A 2 A Indicators
Input/Output LEDs Processor-controlled
General
Casing 90 x 84 x 120 mm (W x H x D)
Installation DIN-rail
Response times for the dynamic signal A or the static (+24 V) signal: Relay outputs Q0, Q1, Q4, Q5: <20.5 ms + program execution time Transistor outputs Q2, Q3: <16.5 ms + program execution time Transistor outputs Q10...Q17: <16.5 ms + program execution time Response times for the dynamic signals B and C:
Relay outputs Q0, Q1, Q4, Q5: <23 ms + program execution time Transistor outputs Q2, Q3: <19 ms + program execution time Transistor outputs Q10...Q17: <19 ms + program execution time Software setting ‘NoFilt’ Response times: 5 ms (5 ms less) Program execution time approx. 10 µs/command Additional response times via the bus:
Normal conditions 10 ms
At fault condition 10—40 ms
Response time extension for Q2
and Q3 at fault condition <10 ms Recognition times
Shortest recognizable impulse 10 ms Ambient temperature -25 to +55 °C Transportation and storage
temperature
-25 to +55 °C
Environmentironment temperature EN 50155 temperature class T2 Humidity:
IEC 60068-2-30, Test Db 90 % at 40 °C (e.g. 90—100 % at +25 °C to +55 °C)
EN 60 204-1 50 % at 40 °C (e.g. 90 % at 20 °C) Enclosure classification, IEC 60 529:
Enclosure IP 40
Connection terminals IP 20 Fire and smoke protection:
EN 45545-2 Hazard levels HL1 to HL3 DIN 5510-2 Fire protection classes 1—2 Functional safety data
SIL according to EN 62061/IEC 61508 SIL 3 PL according to EN ISO 13849-1 PL e Category according to EN ISO 13849-1 4 DCavg according to EN ISO
13849-1
High
CCF according to EN ISO 13849-1 Requirements are met HFT (Hardware fault tolerance) 1
SFF (Safe failure fraction) >99% for single-channel systems >90% for two-channel systems
* The increased tolerance for the Pluto D45 Harsh Environment version is intermittent and must not be used for long periods. At voltages under 18 V and over 30 V, the following warning messages are shown on the display (Er 15 and Er 16). These messages have no influence on the operation and can be suppressed.
Safety PLC Pluto D20 / D45 Harsh Environment
Technical data
Transistor outputs*
PFDAV (for mission time = 20 years) 1.1x10-4
PFHD according to EN 62061/IEC 61508 1.5x10-9
MTTFd according to EN ISO 13849-1 High/1500 years
Relay outputs*
PFDAV (for mission time = 20 years) 1.5x10-4
PFHD according to EN 62061/IEC 61508 2x10-9
MTTFd according to EN ISO 13849-1 High/1100 years
Analog inputs* Pluto D45 2 sensors 1 sensor
SIL according to EN 62061/IEC 61508 up to SIL 3 up to SIL 2
PL according to EN ISO 13849-1 up to PL e up to PL d
DCavg according to EN ISO 13849-1 up to High up to Medium
PFDAV (for mission time = 20 years) 1.5x10-4 1.5x10-3
PFHD according to EN 62061/IEC 61508 1.6x10-9 5.8x10-9
MTTFd according to EN ISO 13849-1 High/1100 years High/400 years
Counter inputs* Pluto D45 2 sensors 1 sensor
SIL according to EN 62061/IEC 61508 up to SIL 3 up to SIL 1
PL according to EN ISO 13849-1 up to PL e up to PL c
DCavg according to EN ISO 13849-1 up to High up to High
PFDAV (for mission time = 20 years) 1.5x10-4 1.5x10-4
PFHD according to EN 62061/IEC 61508 1.6x10-9 1.6x10-9
MTTFd according to EN ISO 13849-1 High/1100 years High/1100 years
Note:
PFDAV = average probability of failure on demand of the safety function
PFHD = average probability of a dangerous failure per hour
MTTFd = average time until a dangerous failure/channel
PL = Performance Level (according to the definition specified in EN ISO 13849-1) SIL = Safety Integrity Level (according to the definition specified in EN 62061/IEC 61508) * from the input to the output (incl. the AS-i and CAN Bus)
Safety PLC Pluto D20 Harsh Environment
Technical data
Overview for inputs/outputs in Pluto D20 Harsh Environment Terminals at Pluto Input/Output name in the
software I/O type Local/global
IA4…IA7 I_.4…I_.7 Safe digital input/Safe analog input 4—20 mA/0—10 V Global
Q0 Q_.0 Safe output (relay) Global
Q1 Q_.1 Safe output (relay) Global
Q2 Q_.2 Safe output (transistor) Global
Q3 Q_.3 Safe output (transistor) Global
IQ10…IQ17 I_.10…I_.17 Safe digital input Global
Q_.10…Q_.17 Non-safe output Local
Where ‘_’ is the Pluto module number.
Safety PLC Pluto D20 Harsh Environment
The Pluto safety PLC D20 has 16 failsafe inputs and 4 independent failsafe outputs (2x relay and 2x transistor). Out of the 16 failsafe inputs, any 4 can be configured as analog inputs with a high 10 bit resolution, and 8 can be configured as non-safe outputs. The analog inputs are analyzed with safe function blocks with scalable outputs.
Failsafe inputs / Indication outputs (not failsafe) / Dynamic outputs
IQ10 IQ11 Power 0V +24V Pluto bus CL IQ12 IQ13 input ID Identifier CH IQ15 IQ14 IQ16 IA0 B B individual failsafe Transistor output, Relay output, individual failsafe B B
Inputs, individual failsafe
Q0 IQ17 IA1 IA2 A IA3 I4 Q1 A I6 Q2 A I7 Q3 A
Pluto D20 Harsh Env
0-24VI5 AI 0-10V/4-20mA DI AI DI AI DI AI DI AI DI DI DI DI
Safety PLC Pluto D45 Harsh Environment
Technical data
Failsafe inputs / Outputs (not failsafe) / Dynamic outputs IQ10 IQ11 supply Power +24V IQ12 IQ13 Identifier IDFIX IQ15 IQ14 IQ16 I30 B
Inputs, individual failsafe
Q0
IQ17
I31 I32 I33 I34 I35 I36
Q2A I37
Pluto D45 Harsh Env
Pluto bus
I45 I40 I41 I42 I43 I44 I46 Digital inputs, individual failsafe
IQ21
IQ20 IQ22 IQ23 IQ24 IQ25 IQ26
B A A Q1 B A Q4 B Q5 A B Q3 B A 0V 0V ID CH CL AI 4L 1L 0L Safety outputs Analogue inputs 0-10V/4-20mA Inputs, individual failsafe
DI IA7 DI AI IA6 DI AI IA5 DI AI IA4 DI AI IA2 DI AI IA1 DI AI IA0 DIIA3AI CS (Shield) Fast counter I47
Overview for inputs/outputs in Pluto D45 Harsh Environment Terminals at Pluto Input/Output name in the
software
I/O type Local/global
IA0…IA3 I_.0…I_.3 Safe digital input/Safe analog input 4—20 mA/0—10 V/counter input Global
IA4…IA7 I_.4…I_.7 Safe digital input/Safe analog input 4—20 mA/0—10 V Global
I30...I37 I_.30…I_.37 Safe digital input Local
I40...I47 I_.40…I_.47 Safe digital input Local
Q0 Q_.0 Safe output (relay) Global
Q1 Q_.1 Safe output (relay) Global
Q2 Q_.2 Safe output (transistor) Global
Q3 Q_.3 Safe output (transistor) Global
Q4 Q_.4 Safe output (relay) Local
Q5 Q_.5 Safe output (relay) Local
IQ10…IQ17 I_.10…I_.17 Safe digital input Global
Q_.10…Q_.17 Non-safe output Local
IQ20…IQ26 I_.20…I_.26 Safe digital input Local
Q_.20…Q_.26 Non-safe output Local
Where ‘_’ is the Pluto module number.
Pluto D45: the all-in-one solution that makes rolling stock safe
The new Pluto safety PLC D45 has 39 failsafe inputs and 6 independent failsafe outputs (4x relay and 2x transistor). Out of the 39 inputs, any 8 can be configured as analog inputs with a high 12 bit resolution, and 15 can be configured as non-safe outputs.
Contacts
2TLC172015B0201
Note
We reserve the right to make technical changes or modify the contents of this document without prior notice. With regard to purchase orders, the agreed particulars shall prevail. ABB does not accept any responsibility whatsoever for potential errors or pos-sible lack of information in this document. We reserve all rights in this document and in the subject matter and illustrations contained therein. Any reproduction, disclosure to third parties or utili-zation of its contents - in whole or in parts – is forbidden without prior written consent of ABB. Copyright© 2016 ABB
All rights reserved
ABB AB Jokab Safety Varlabergsvägen 11 SE-434 39 Kungsbacka Tel. +46 (0) 21-32 50 00 www.abb.com/jokabsafety
