DP0016633 - 02-EPHTT2 - FIBER AREA and MACHINE DESCRIPTIVE SAFETY LOGICS

ESSITY MONTERREY
Safety function logic

Fiber area and Machine area PM2
ESSITY MONTERREY
PM2 (EPHTT2)
DESCRIPTIVE LOGIC
SAFETY FUNCTION
FIBER AREA and
MACHINE
Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

Author-Rev-Date: FR - DP0016633_02– 02/12/2021 Page: 1 / 31
ESSITY MONTERREY
SUMMARY
1 SAFETY ____________________________________________________________________________________________ 4
1.1 General indication __________________________________________________________________________ 4

1.1.1 Safety device ___________________________________________________________________________ 4
1.1.2 Gate condition __________________________________________________________________________ 4
1.1.3 Reset condition _________________________________________________________________________ 4
1.1.4 Limit switch or sensor engaged definition ____________________________________________________ 4
2 FIBER AREA ______________________________________________________________________________________ 5
2.1 Flotation area emergency stop ________________________________________________________________ 5

2.1.1 Description ____________________________________________________________________________ 5
2.1.2 Safety input ____________________________________________________________________________ 6
2.1.3 Safety output ___________________________________________________________________________ 6
2.1.4 Condition to reset the emergency stop ______________________________________________________ 7
2.1.5 Testing procedure _______________________________________________________________________ 7
2.1.6 Flotation emergency safety signals mirroring _________________________________________________ 7
2.2 Pulper area emergency stop __________________________________________________________________ 8

2.2.1 Description ____________________________________________________________________________ 9
2.2.2 Safety input ____________________________________________________________________________ 9
2.2.3 Safety output __________________________________________________________________________ 10
2.2.4 Condition to reset the emergency stop _____________________________________________________ 10
2.2.5 Testing procedure ______________________________________________________________________ 11
2.2.6 Pulper emergency safety signals mirroring __________________________________________________ 11
2.3 00412-BF5 Chain conveyor operator access safety light curtain (E-STOP CHAIN CONVEYOR) _____________ 12
2.3.1 Description ___________________________________________________________________________ 12
2.3.2 “Light curtain violated” signal definition ____________________________________________________ 12
2.3.3 Light curtain safety groups cutting _________________________________________________________ 13
2.3.4 Condition to reset the light curtain ________________________________________________________ 13
2.4 Fiber Area Safety group _____________________________________________________________________ 14

2.4.1 Group E-STOP FLO ZONE (Emergency safety function for Flotation Unit) __________________________ 14
2.4.2 Group E-STOP PULPER ZONE (Emergency safety function for MD Pulper Area) _____________________ 14
2.4.3 Group E-STOP CHAIN and BELT CONVEYORS _________________________________________________ 15
3 MACHINE ________________________________________________________________________________________16
3.1 Emergency Stop Function MAC_ESTOP_________________________________________________________ 18

3.1.1 Description ___________________________________________________________________________ 18
3.1.2 Safety Input ___________________________________________________________________________ 18
3.1.3 Safety Output _________________________________________________________________________ 19
3.1.4 Condition to Reset the Machine Emergency Stop _____________________________________________ 21
3.1.6 Safety signals mirroring _________________________________________________________________ 22
3.2 Broke Pulper ______________________________________________________________________________ 22

ESSITY MONTERREY
3.2.1 54550 -ZQ1 Safety Gate UM broke pulper T.S. _______________________________________________ 22

3.2.2 Condition to Open the gate (unlocking of interlock) ___________________________________________ 22
3.2.3 Safety Input ___________________________________________________________________________ 23
3.2.4 Condition to restore the safety groups (gate reset) ___________________________________________ 24
3.2.5 Safety Output _________________________________________________________________________ 24
3.3 Burners stop (to be verified with the customer) _________________________________________________ 25

3.3.1 Burners stop safety function (WET and DRY burners) __________________________________________ 25
3.4 Extinguisher (to be verified with the customer)__________________________________________________ 27

3.4.1 Extinguisher function ___________________________________________________________________ 27
3.5 Machine Safety group ______________________________________________________________________ 29

3.5.1 Group MAC_ESTOP _____________________________________________________________________ 29
3.5.2 Group MAC_ESTOP_DELAYED ____________________________________________________________ 30
3.5.3 Group BROKE CHUTE ___________________________________________________________________ 30
3.5.4 Group BURNERS STOP (BURNER WET and BURNER DRY) _______________________________________ 30
3.5.5 Group pope reel movement REEL-S1 _______________________________________________________ 31

ESSITY MONTERREY
1 SAFETY
1.1 General indication
1.1.1 Safety device
The status of all the safety devices must be visible on the touch panel/DCS:
• Green colour OK
• blinking red/yellow colour not OK
1.1.2 Gate condition

The condition to open or reset one gate must be visible on the touch panel/DCS, so that the operator can see why
it’s not possible to open one gate or to reset one gate.
1.1.3 Reset condition

The condition to reset one safety device (like safety photocell, safety rubber bars, etc.) must be visible on the
touch panel/DCS, so that the operator can see why it’s not possible to reset the safety device.
1.1.4 Limit switch or sensor engaged definition
The limit switches or the sensors in use in this logic, can be NC (normally close) or NO (normally open)
contacts.
The meaning of sensor switch engaged is: the sensor IS SENSING

The meaning of sensor switch not engaged is: the sensor IS NOT SENSING (sensor is FREE)
For ex:
For a NO contact, the sensor is engaged when the signal is ON (sensor is sensing)
For a NO contact, the sensor is not engaged when the signal is OFF (sensor is not sensing, sensor free)
For a NC contact, the sensor is engaged when the signal is OFF (sensor is sensing)
For a NC contact, the sensor is not engaged when the signal is ON (sensor is not sensing, sensor free)

ESSITY MONTERREY
2 Fiber Area
2.1 Flotation area emergency stop
2.1.1 Description
The emergency stop function makes the following actions:
• stops all the involved drives with the minimum time
• stops all the involved motors
When the emergency stop function is called, the outputs are de-energized.
The circuit is in Pl d (for each emergency stop there are two inputs that have to match, with two contactors for
the output and single feedback made by the series of one contact for each safety contactor)

ESSITY MONTERREY
2.1.2 Safety input

The following safety input are involved in the flotation unit emergency stop function:
Sensor
Safe Input Sensor Tag Sensor Type
Location/Connection
Emergency pushbutton
2 DI 40021-SBE1-1&2 +CP40025
(two channels connection)
2 DI 40051-SBE1-1&2 +CP40005
For each push button, two safety channels (signals) are available to process the emergency safety function. The
two channel signals switch OFF when the corresponding push button is pressed. The two channel signals switch
ON when the corresponding push button is released. These actions are surveyed by the safety plc (not by
software, just by plc firmware): the signal commutation ((0 → 1 and 1 → 0)) must respect the discrepancy time
configured (default several msec, time matching supervision) otherwise the safety plc detect an error and the
signal “EmergencyPushButton” is OFF. The architecture to use must be 1oo2.
The software signal (for programming) to take in consideration with 1oo2 architecture is the 1 st one. For this
reason, for each push button the signal “EmergencyPushButton” is ON only when:
• Push button channel #1 is ON (emergency stop function is not calling)
In all the other cases the signal “EmergencyPushButton” is OFF (emergency stop function is calling)
2.1.3 Safety output

The following safety are involved in the Flotation Unit emergency safety function:
Actuator
Safe Output Actuator Tag Actuator Type
Location/Connection
Contactor group E-STOP
2 DO +40051-KM1-A & B +EB88570 FLO_ZONE (Flotation
Unit)
The output circuit is in Pl d (two outputs on two contactors with one feedback made by the series of one
contact for each safety contactor)
When:
• Any one of “EmergencyPushButton” signal is OFF (see 2.1.2 Errore. L'origine riferimento non è
stata trovata.)
all the above safety outputs are immediately de-energized (reset), and the Flotation Unit emergency function is
activated.

ESSITY MONTERREY
2.1.4 Condition to reset the emergency stop
The following safety input signal are involved in the flotation unit reset function:
Sensor
Safe Input Sensor Tag Description
Location/Connection
1=Contactor group E-STOP
1 DI 40051-FKM1 +EB88570 FLO ZONE (Flotation Unit)
de-energized
Emergency reset pushbutton
1 DI 40051-SB2-S +CP40005
(1=reset)
It’s possible to reset the emergency stop when the following conditions are satisfied:
• No “EmergencyPushButton” signal is OFF (no emergency stop pushbuttons pushed)
• (40051-FKM1 “Feedback group E-STOP FLO ZONE” is ON)
When the above conditions are satisfied and the operator pushes the reset pushbutton 40051-SB2-S, the safety
output are energized (set).
1. When the emergency stop is not reset and the condition above are satisfied, the reset lamp 40051-SB2-H is
BLINKING.
2. When the emergency stop is not reset but the condition above is not satisfied, the reset lamp 40051-SB2-H
is switched OFF.
3. When the emergency stop is reset the reset lamp 40051-SB2-H is switched ON.
2.1.5 Testing procedure

• Push the emergency pushbutton and check that
o all the motors in the group go in stop
o all the contactors group must be open
• Open the safety and check that
2.1.6 Flotation emergency safety signals mirroring

• In the DCS pages must be visible all the safety signals status.
• In the DCS pages must be visible the condition to reset the Flotation emergency function to help the
operator to understand why it is not possible to restore the safety groups.
• In the DCS pages must be visible all contactor groups status involved in the Flotation emergency
function.

ESSITY MONTERREY
2.2 Pulper area emergency stop

ESSITY MONTERREY
2.2.1 Description
the output and single feedback made by the series of one contact for each safety contactor)
2.2.2 Safety input

The following safety input are involved in the flotation unit emergency stop function:
Sensor
Location/Connection
2 DI 00453-SBE1-1&2 +CP00453
2 DI 00411-SBE1-1&2 +CP00411

ESSITY MONTERREY
Belt Conveyor Safety

2 DI 00411-ZQ3-ch1&2 +FIELD_CONVEYOR
rope 0=Emergency stop
For each push button (or rope), two safety channels (signals) are available to process the emergency safety
function. The two channel signals switch OFF when the corresponding push button is pressed. The two channel
signals switch ON when the corresponding push button is released. These actions are surveyed by the safety plc
(not by software, just by plc firmware): the signal commutation ((0 → 1 and 1 → 0)) must respect the
discrepancy time configured (default several msec, time matching supervision) otherwise the safety plc detect an
error and the signal “EmergencyPushButton” is OFF. The architecture to use must be 1oo2.
• Push button channel #1 is ON (emergency stop function is not calling)
In all the other cases the signal “EmergencyPushButton” is OFF (emergency stop function is calling)
2.2.3 Safety output

The following safety are involved in the Flotation Unit emergency safety function:
Actuator
Location/Connection
2 DO 00402-KM1-A&B +EB88570 PULPER ZONE (Pulper
Zone)
2 DO 00411-KM1-A&B +EB88570
CONVEYORS
The output circuit is in Pl d (two outputs on two contactors with one feedback made by the series of one
contact for each safety contactor)
When:
• Any one of “EmergencyPushButton” signal is OFF (see 2.2.2)
all the above safety outputs are immediately de-energized (reset), and the Flotation Unit emergency function is
activated.
2.2.4 Condition to reset the emergency stop
The following safety input signal are involved in the flotation unit reset function:
Sensor
Location/Connection
1 DI 00402-FKM1 +EB88570 PULPER ZONE (Pulper
Zone) de-energized
1 DI 00411-FKM1 +EB88570 CHAIN CONVEYOR de-
energized
1 DI 00411-SB6-S +CP00411
(1=reset)
It’s possible to reset the emergency stop when the following conditions are satisfied with a total of 10s delay:
• No “EmergencyPushButton” signal is OFF (no emergency stops pushbuttons pushed)
• (00402-FKM1 “Feedback group E-STOP PULPER ZONE” is ON)
• (00411-FKM1 “Feedback group E-STOP CONVEYORS” is ON)

ESSITY MONTERREY
BLINKING.
2. When the emergency stop is not reset but the condition above is not satisfied, the reset lamp 00411-SB6-H
is switched OFF.

• Push the emergency pushbutton and check that
• Open the safety and check that
2.2.6 Pulper emergency safety signals mirroring

• In the DCS pages must be visible the condition to reset the Pulper emergency function to help the
• In the DCS pages must be visible all contactor groups status involved in the Pulper emergency function.

ESSITY MONTERREY
2.3 00412-BF5 Chain conveyor operator access safety light curtain (E-
STOP CONVEYORS)
2.3.1 Description
The safety light curtain is posed on the access that the operator can use to go and cut the wires on the bales.
2.3.2 “Light curtain violated” signal definition

The signal ChainConveyorLightCurtaiN1Violated is defined as it follows:
• ChainConveyorLightCurtainViolated goes OFF when the Light curtain 00412-BF5 signal is OFF (the
light curtain is intercepted). In this case, the system will de-energize the related safety groups.
• ChainConveyorLightCurtainViolated goes ON when:
o 00411-BF1 signal is ON
AND
operator pushes 00412-SB3-S “Safety Light Curtain Reset”
In this case, the system will energize back the related safety groups.
NOTE: use the hardware configuration/connection 1oo2 for the 00412-BF5 light curtain safety
channels: 00412-BF5-A and 00412-BF5-B.

ESSITY MONTERREY
2.3.3 Light curtain safety groups cutting
The safety input signals involved in this function are the following:
Sensor
Safe Input Sensor Tag/signal Sensor Type
Location/Connection
Chain Conveyor Safety
2 DI 00412-BF5 (chA & chB) +FIELD_PULPER Light Curtain 0=light
curtain intercepted
The safety output signals involved in this function are the following:
Actuator
Location/Connection
00411-KM1-A Contactor group E-STOP CHAIN
2 DO Cabinet (+EB88570)
00411-KM1-B and BELT CONVEYORs
When the ChainConveyorLightCurtainViolated is OFF, the outputs are de-energized.
2.3.4 Condition to reset the light curtain

The following safety input signal are involved in the light curtain reset function:
Sensor
Location/Connection
1 DI 00411-FKM1 +EB88570 CHAIN CONVEYOR de-
energized
1 DI 00411-SB7-S +CP00412 Reset pushbutton
It’s possible to reset the emergency stop when the following conditions are satisfied with a total of 10s delay:
• No “EmergencyPushButton” signal is OFF (no emergency stops pushbuttons pushed)
• (00411-FKM1 “Feedback group E-STOP CHAIN AND BELT CONVEYORS” is ON)
• (00412-BF5 “Chain conveyor operator access safety light curtain” is ON)
1. When the safety function is not reset and the condition above are satisfied, the reset lamp 00411-SB7-H is
BLINKING.
2. When the safety function is not reset but the condition above is not satisfied, the reset lamp 00411-SB7-H is
switched OFF.
3. When the safety function is reset the reset lamp 00411-SB7-H is switched ON.

ESSITY MONTERREY
2.4 Fiber Area Safety group

2.4.1 Group E-STOP FLO ZONE (Emergency safety function for Flotation Unit)
This group is composed by the following devices:
Tag Description Location

40005-M1 MACHINE FLOTATION UNIT FEED STAND-BY PUMP Drive
40015-M1 MACHINE FLOTATION UNIT FEEDING PUMP Drive
40021-M1 MICROFLOTATION SLUDGE PADDLES #1 Drive
40021-M2 MICROFLOTATION SLUDGE PADDLES #2 Drive
40021-M3 MICROFLOTATION FINGER PADDLES #1 Drive
40035-M1 MACHINE SLUDGE CHEST DISCHARGE PUMP Drive
Tab. 2.1
For drives equipment connected in the Profisafe network (where is available) it is possible to use Profisafe communication
to lock the drives (using STO, SS1 safety function1). For MCC equipment it is necessary to cut the safety relay physically
(safety digital output needed).
2.4.2 Group E-STOP PULPER ZONE (Emergency safety function for MD Pulper
Area)

00402-M1 M.D. PULPER PROPELLER GROUP Drive
00405-M1 M.D. PULPER DISCHARGE PUMP Drive
Tab. 2.2
For drives equipment connected in the Profisafe network (where is available) it is possible to use Profisafe communication
to lock the drives (using STO safety function). For MCC equipment it is necessary to cut the safety relay physically
(safety digital output needed).

ESSITY MONTERREY
2.4.3 Group E-STOP CONVEYORS


00411-M1 CHAIN CONVEYOR MCC
00411-M2 BELT CONVEYOR MCC
00411-M3 VIRGIN PULP BELT CONVEYOR LUBRICATION PUMP MCC
Tab. 2.3
For drives equipment connected in the Profisafe network (where is available) it is possible to use Profisafe
communication to lock the drives (using STO safety function). For MCC equipment it is necessary to cut the safety
relay physically (safety digital output needed).

ESSITY MONTERREY
3 Machine

ESSITY MONTERREY

ESSITY MONTERREY
3.1 Emergency Stop Function MAC_ESTOP

3.1.1 Description
• turn-off all the involved device
the output and a single feedback made by the series of one contact for each safety contactor)
3.1.2 Safety Input

The following safety input are involved in the machine emergency safety function:
Sensor
Location/Connection
2 DI 23701-SBE1-1&2 CP23701
(two channel connection)
2 DI 50001-SBE1-1&2 CP50019
2 DI 50001-SBE4-1&2 CP50020
2 DI 50001-SBE5-1&2 CP50021
2 DI 50001-SBE6-1&2 CP50022
2 DI 50001-SBE7-1&2 CP50023
2 DI 51001-SBE1-1&2 CP51001
2 DI 51001-SBE3-1&2 CP51021
2 DI 51001-SBE7-1&2 CP51026
2 DI 51001-SBE9-1&2 CP51027
2 DI 52001-SBE1-1&2 CP52020
2 DI 53001-SBE1-1&2 CP53001
2 DI 53001-SBE2-1&2 CP53020
2 DI 53001-SBE3-1&2 CP53021
2 DI 56001-SBE1-1&2 CP56001
2 DI 80301-SBE1-1&2 CP80320
2 DI 85501-SBE1-1&2 CP85504
For each push button, two safety channels (signals) are available to process the machine emergency safety
function. The two channel signals switch OFF when the corresponding push button is pressed. The two channel
signals switch ON when the corresponding push button is released. These actions are surveyed by the safety plc

ESSITY MONTERREY
(not by software, just by plc firmware): the signal commutation (0 > 1 and 1 > 0) must respect the discrepancy
time configured (default several msec, time matching supervision) otherwise the safety plc detect an error and
the signal “EmergencyPushButton” is OFF. The architecture to use must be 1oo2.
• Push button channel #1 is ON
In all the other cases the signal “EmergencyPushButton” is OFF
3.1.3 Safety Output

The following safety are involved in the machine emergency safety function:
Actuator
Safe Output Actuator Tag Description
Location/Connection
Contactors group
2 DO 50001-KM1-A&B +EB88580
MAC_ESTOP
Contactors group
2 DO 50002-KM1-A&B +EB88580
MAC_ESTOP
Contactor group
2 DO 50005-KM1-A&B +EB88580
MAC_ESTOP_DELAYED
Contactors group
2 DO 54529-KM1-A&B +EB88580 EMERGENCY STOP
BROKE CHUTE
TURN UP (PAPRIMA)
85705-SX13 and 85705- EMERGENCY STOP
2 DO cabinet
SX14 (safety stop to turn up
system)
Contactors group MILL
2 DO 89040-KM1-A&B +EB88580
FIRE EMERGENCY
Contactors group
2 DO 55070-KM0-1&2 +EB88580 EMERGENCY STOP
BURNER WET
Contactors group
2 DO 55080-KM0-1&2 +EB88580 EMERGENCY STOP
BURNER DRY
2 DO 53002-KM1-A&B +EB53005 Contactors group REEL-S1
The cutting circuit is in Pld or Plc according with the items involved in the safety function (two outputs with
one feedback made by the series of one contact for each safety contactor)
When:
• Any one of “EmergencyPushButton” signal is OFF (see 3.1.2)

ESSITY MONTERREY
all the above safety outputs are immediately de-energized (reset) and the machine emergency function is
activated.

ESSITY MONTERREY
3.1.4 Condition to Reset the Machine Emergency Stop
The following safety input signal are involved in the machine emergency function:
Sensor
Location/Connection
1=Contactor group
1 DI 50001-FKM1 +EB88580
MAC_ESTOP de-energized
1=Contactor group
1 DI 50002-FKM1 +EB88580
MAC_ESTOP de-energized
1=Contactor group
1 DI 50005-FKM1 +EB88580 MAC_ESTOP_DELAYED
de-energized
1=Contactor group
1 DI 55070-FKM0 +EB88580 BURNER WET de-
energized
1=Contactor group
1 DI 55080-FKM0 +EB88580 BURNER DRY de-
energized
1 DI EB53005, 2 NC contact in 1=Contactor group REEL-
53002-FKM1
series S1 de-energized
1 DI 53002-FKM2 EB53005, 2 NC contact in 1=Contactor group REEL-
1 DI EB88580, 2 NC contact in 1=Contactor group BROKE
54529-FKM1
series CHUTE de-energized
1 DI EB88580, 2 NC contact in 1=Contactor group MILL
89040-FKM1
series FIRE EMERG de-energized
1 DI 1=Contactor group TURN
85705-SX09 and 85705- EB88580, 2 NC contact in UP (PAPRIMA) de-
SX11 (in series) series energized (safety feedback
from turn up)
1 DI 53001-SB3-S +CP53001
(1=reset)
It’s possible to reset the emergency stop when the following conditions are satisfied:
• No “EmergencyPushButton” signal is OFF (no emergency stop pushbuttons pushed)

• 50001-FKM1 “Feedback group MAC_ESTOP” signal is ON
• 50002-FKM1 “Feedback group MAC_ESTOP” signal is ON
• 50005-FKM1 “Feedback group MAC_ESTOP_DELAYED” signal is ON
• 53002-FKM1 “Feedback group REEL-S1” signal is ON

ESSITY MONTERREY

• 55070-FKM0 “Feedback group BURNER WET ” signal is ON
• 55080-FKM0 “Feedback group BURNER DRY ” signal is ON
• 85705-SX09-SX11 “Feedback from Turn up (PAPRIMA)” signal is ON
• 89040-FKM1 “Feedback group MILL FIRE EMERG” signal is ON
• 54529-FKM1 “Feedback group BROKE CHUTE” signal is ON
All the above reset conditions must be visible on the Operator Station touch screen close to the Pope Reel and on
the DCS, so that the operator can see what is missing to reset the function.
BLINKING.
2. When the emergency stop is not reset but the condition above are not satisfied, the reset lamp 53001-SB3-H
is switched OFF.

Push any emergency pushbuttons and check that
3.1.6 Safety signals mirroring

• In the DCS pages must be visible the condition to reset the machine emergency function to help the
• In the DCS pages must be visible all contactor groups status involved in the machine emergency
function.
3.2 Broke Pulper

3.2.1 54550 -ZQ1 Safety Gate UM broke pulper T.S.
This gate gives access to the Yankee doctor blade area passing over the under machine broke pulper.
When the gate is open (or as soon as 54550-SB2-S is pushed with the ok condition to open the gate), the
involved outputs are de-energized.
3.2.2 Condition to Open the gate (unlocking of interlock)
This safety function is in Performance Level “c” (Pl c): it is composed by single channel sensors (Safety Digital
Inputs, SDI) with high MTTF and by single channel Coil (Safety Digital Outputs, SDO). DiagnosticCoverage
safety function is applied.

ESSITY MONTERREY
It’s possible to open the gate when the following conditions are satisfied:
• (54529-ZQ1-A &-B double channel limit switch “Broke Pulper movable hatch closed”) is ON, TON 6s
In this situation the software signal 54550-LimitSwitchesCondition signal is ON, otherwise is OFF
When it’s possible to open the gate, the open lamp 54550-SB2-H is switched ON.
When the above conditions are satisfied and the operator pushes the open pushbutton 54550-SB2-S, the safety
output are immediately de-energized but the unlock coil 54550-ZQ1-IN is energized after 3s that the pushbutton
54550-SB2-S is maintained pushed, so that it’s possible to open the gate.
When the gate is open (or 54550-SB2-S is already pushed with the ok condition to open the gate), the outputs are
de-energized.
3.2.3 Safety Input

The safety input signals involved in this function are the following:
Sensor
Location/Connection
54550-ZQ1-Y1 Safety Gate UTM broke
2 DI Gate Closed
54550-ZQ1-Y2 pulper T.S.
1=Broke Chute
1DI 54529-PS1 +VB54501
movements locked
1 DI 54550-SB2-S +CP54550 Open pushbutton
1 DI 54550-SB3-S +CP54550 Reset pushbutton
When:
• 54550-ZQ1-Y1 “Gate Closed and Locked channel #1” is ON
AND
55450-ZQ1-Y2 “Gate Closed and Locked channel #2” is ON
the gate is close and locked
When:
• 54550-ZQ1-Y1 “Gate Closed and Locked channel #1” is OFF
OR
54550-ZQ1-Y2 “Gate Closed and Locked channel #2” is OFF
the gate is not closed or not locked.
GATE OPEN REQUEST SIGNAL DEFINITION

The GateOpenRequest signal is defined by the following logic:
• (Gate open push button pressed, 54550-SB2-S is ON
AND
54550-LimitSwitchesCondition signal is ON)
OR
Gate is not not closed or not locked, 54550-ZQ1-Y1 or 54550-ZQ1-Y2 are either not engaged
.

ESSITY MONTERREY
3.2.4 Condition to restore the safety groups (gate reset)
It’s possible to reset the gate when the following conditions are satisfied:
• 54550-ZQ1-Y1 “Gate Closed (Safety Contact 1)” is engaged

AND
54550-ZQ1-Y2 “Gate Closed (Safety Contact 2)” is engaged
• 54529-PS1 “1= broke chute movement locked” is engaged
• Feedback “Emergency OK (not intervened, hardware signal from Machine safety cpu = 0)”
When the above conditions are satisfied and the operator pushes the reset pushbutton 54550-SB3-S, the gate is
reset and the safety output are energized.
1. When the gate is not reset and the condition above are satisfied, the reset lamp 54550-SB3-H is BLINKING.
2. When the gate is not reset but the condition above are not satisfied, the reset lamp 54550-SB3-H is switched
OFF.
3. When the gate is reset the reset lamp 54550-SB3-H is switched ON.
3.2.5 Safety Output

The following outputs are de-energized:
Actuator
Location/Connection
Contactors group Broke
2 DO 54529-KM1 and KM2 +EB88570
Chute
When the gate is not closed or not locked or the machine emergency function is active the safety Contactor groups
are de-energized according with the following logic:
• Gate not closed or not locked
OR
Machine emergency function is active
OR
GateOpenRequest signal is ON
The contactor group Broke Chute is immediately de-energized (reset)


In the DCS pages must be visible all contactor groups status involved in the machine emergency function.

ESSITY MONTERREY
3.3 Burners stop (to be verified with the customer)

3.3.1 Burners stop safety function (WET and DRY burners)
3.3.1.1 Description
The burners can be safety stopped by machine emergency safety signal.
3.3.1.2 Safety input

The following safety input are involved in the burners stop safety function:
Sensor
Location/Connection
- Machine emergency stop - Machine emergency stop
89040-SX1 Extinguisher signal from
2 DI Mill interconnection
89040-SX2 Mill
Steam Condensate from
1 DI 83633-TS1 On Field
R0, 0= high temperature
When the machine emergency stop is active or the extinguisher signal from mill is OFF, all the contactor group
for burner wet and burner dry are immediately cut:
3.3.1.3 Safety output

The following safety output are involved in the burners stop safety function:
Actuator
Location/Connection
Contactor group
2 DO 55070-KM0-A & B Cabinet
BURNER WET
Contactor group
BURNER DRY
The cutting circuit is in Pld (two outputs with one feedback made by the series of one contact for each safety
contactor)
The logic for the outputs cutting is the following.
When:
• Machine emergency function is active
OR
(89040-SX1 ‘0= MILL EMERGENCY FIRE ACTIVE CH1’ is OFF
OR
89040-SX2 ‘0= MILL EMERGENCY FIRE ACTIVE CH2’ is OFF)
OR
83633-TS ‘Steam Condensate from R0, 0= high temperature’ is OFF
All the above safety output are immediately de-energized (reset).

ESSITY MONTERREY
3.3.1.4 Condition to reset the burner stop

The following safety unput are involved in the burners safety reset function:
Sensor
Location/Connection
1=Contactor group
1 DI 55070-FKM0 +EB88580 BURNER WET de-
energized
1=Contactor group
1 DI 55080-FKM0 +EB88580 BURNER DRY de-
energized
Steam Condensate from R0,
1 DI 83633-TS1 On Field
0= high temperature
It’s possible to reset Burner stop safety function when the following conditions are satisfied:
• “Feedback contactor 55070-FKM0 Burner wet hood” signal is ON

• “Feedback contactor 55080-FKM0 Burner dry hood” signal is ON
• 83633-TS1 ‘Steam Condensate from R0, 0= high temperature’ is ON
• Machine Emergency not active
When the above conditions are satisfied and the operator reset the machine emergency stop function, the safety
output are automatic energized again (set).
Note 1:
After this safety stop function, both burners need a local reset before to start again.
Note 2: the thermo switch 83633-TS1 must be acknowledged manually only!


In the DCS pages must be visible all contactor groups status involved in the machine emergency function.

ESSITY MONTERREY
3.4 Extinguisher (to be verified with the customer)

3.4.1 Extinguisher function
3.4.1.1 Description
The extinguisher function makes the following actions:
• stops the involved drives with the minimum time (with safety outputs de-energization)
• performs several specific action by no-safety logic (see Note 3.4.1.7)
When the extinguisher function is called, the outputs are de-energized.
3.4.1.2 Safety input

The following safety input are involved:
Sensor
Location/Connection
89040-SX1 Extinguisher signal from
2 DI Mill interconnection
89040-SX2 Mill
- Machine emergency stop - Machine emergency stop
When:
• (89040-SX1 ‘0= MILL EMERGENCY FIRE ACTIVE CH1’ is OFF
OR
89040-SX2 ‘0= MILL EMERGENCY FIRE ACTIVE CH2’ is OFF)
OR
Machine emergency function is active
The extinguisher safety function is active and the involved safety output are immediately cut (see 3.4.1.4)
3.4.1.3 Condition to Reset the Extinguisher function
The extinguisher function reset is done by the following situation (coming from mill signal):
• 89040-SX1 ‘0= MILL EMERGENCY FIRE ACTIVE CH1’ is ON

AND
89040-SX2 ‘0= MILL EMERGENCY FIRE ACTIVE CH2’ is ON
AND
Machine Emergency not active
All the above signals must be visible on the DCS, so that the operator can see what is missing to start again the
production.
Note:
After this safety stop function, both burners need a local reset before to start again.

ESSITY MONTERREY
3.4.1.4 Safety output

The following outputs are de-energized:
Actuator
Location/Connection
Contactor group
BURNER WET1
Contactor group
BURNER DRY
Contactors group MILL
FIRE EMERGENCY
3.4.1.5 Testing procedure

Disengage the extinguisher signa from mill and check that
o all the involved contactors group must be open
o the logic function described in Logic function (3.4.1.6) is performed
3.4.1.6 Logic function

When the extinguisher function is active, the following actions will happen (simultaneously actions):
1. The burners are stopped by safety output (see 3.3.1.3)
2. Stop 20505-M1 “Machine Chest Discharge Pump” (in order to interrupt the stock on machine)
3. Force the Hoods to stay closed (normally the hoods open in case of StockOnWire signal OFF)
4. Force 55050-M1 “Wet side process air fan V1” to the minimum speed (50% of the maximum setting
speed)
5. Force 55052-M1 “Dry side process air fan V2” to the minimum speed (50% of the maximum setting
speed)
6. Force 55054-M1 “Hood exhaust fan V3” to stay fixed to the current speed
7. Force open 55338-AV1 “Wet Yankee hood roof washing valve”
8. Force open 55348-AV1 “Dry Yankee hood roof washing valve”
9. Stop 81130-M1 “Dust System Fan”
3.4.1.7 Note
When all the reset conditions are satisfied:
- The hoods open (the force close condition is removed and the StockOnWire signal is OFF)
- The valve 55338-AV1 “Wet Yankee hood roof washing valve” close (Force open is removed)
- The valve 55348-AV1 “Dry Yankee hood roof washing valve” close (Force open is removed)
All the other devices involved in the extinguisher function do not change their status (the devices take back the
automatic control)

ESSITY MONTERREY
3.5 Machine Safety group

3.5.1 Group MAC_ESTOP

52010-M1 DRIVE MOTOR YANKEE DRIVES
52010-M2 DRIVE MOTOR YANKEE #2 DRIVES
50010-M1 FORMING ROLL MOTOR DRIVES
51011-M FELT ROLL MOTOR DRIVES
23510-M1 FAN PUMP MOTOR #1 DRIVES
23510-M2 FAN PUMP MOTOR #2 DRIVES
23505-M1 FAN PUMP PREDILUTION PUMP DRIVES
50020-M1 HEADBOX SLICE MOVEMENT +MCC
50032-M1 WIRE STRETCHER +MCC
50045-M1 WATER CONVEYOR MOVEMENT +MCC
51045-M1 TAIL CUTTER MOTOR +DRIVES
51032-M1 FELT AUTOMATIC STRETCHER +MCC
HP FELT OSCILLATING WASHING
51041-M1 +CP50040
SHOWER
50020-M1 HEADBOX SLICE MOVEMENT +MCC
50032-M1 WIRE STRETCHER +MCC
HP WIRE OSCILLATING SHOWER MOTOR
50041-M1 +CP50040
#1
HP WIRE OSCILLATING SHOWER MOTOR
50042-M1 +CP50040
#2
53008-M1 POPE GREASE PUMP +MCC
54002-M1 OIL LUBRICATION UNIT PUMP #1 +MCC
54003-M1 OIL LUBRICATION UNIT PUMP #2 +MCC
54004-H1 OIL LUBRICATION UNIT HEATER #1 +MCC
53080-M1 HYDRAULIC UNIT POPE REEL PUMP 1 +MCC
53081-M1 HYDRAULIC UNIT POPE REEL PUMP 2 +MCC
53082-H1 HYDRAULIC UNIT POPE REEL HEATER 1 +MCC
53082-H2 HYDRAULIC UNIT POPE REEL HEATER 2 +MCC
HYDRAULIC UNIT POPE REEL
53085-M1 +MCC
RECIRCULATION PUMP
PRIMARY ARMS RELIEVING CONTROL
53020-EN1 +HU53003
CARD
PRIMARY ARMS CLAMP PRESSURE
53020-EN2 +HU53003
CONTROL CARD
SECONDARY ARMS PRESSURE CONTROL +HU53003
53030-EN1
CARD D.S.
SECONDARY ARMS PRESSURE CONTROL +HU53003
53030-EN2
CARD T.S.
52550-YV1 NEXPRESS SHOE 1=LOAD +HP52505
NEXTPERSS HEADS 1=UNLOCK
52555-YV1 +HP52505
MOVMENT T.S.
NEXTPRESS HEADS 1=UNLOCK
52555-YV2 +HP52505
MOVEMENT D.S.
52559-YV1 NEXTPRESS 1=LIFT; 0=LOWER +HP52505
NEXTPRESS MANIFOLD PRESSURE PUMP
52505-M1 DRIVES
#1

ESSITY MONTERREY
NEXTPRESS MANIFOLD PRESSURE PUMP

52506-M1 DRIVES
#2
52510-H1 NEXTPRESS UNIT HEATER #1 MCC
52511-H1 NEXTPRESS UNIT HEATER #2 MCC
52509-M1 NEXTPRESS EXHAUST FAN MCC
56001-YV1-A&B STEAM PLANT SHUT OFF VALVE +FIELD_STEAM
STEAM PLANT PNEUMATIC PANEL AIR
56005-YV1 +FIELD_STEAM
DISCHARGE VALVE
54502-M1 BROKE PULPER PROPELLER GROUP #1 MCC
Tab. 3.1
3.5.2 Group MAC_ESTOP_DELAYED

Take in consideration this group only if in use:

NEXTPRESS LUBRICATION NOZZLE
52501-M1 DRIVES
PUMP 1
NEXTPRESS LUBRICATION NOZZLE
52502-M1 DRIVES
PUMP 2
NEXTPRESS LUBRICATION BEARINGS
52503-M1 MCC
PUMP 1
NEXTPRESS LUBRICATION BEARINGS
52504-M1 MCC
PUMP 2
52516-M1 NEXTPRESS BELT PRESSURIZER #1 DRIVES
52517-M1 NEXTPRESS BELT PRESSURIZER #2 DRIVES
CUT OFF DOCTOR OSCILLATING
52020-M1 MCC
MOTOR
CREEPING DOCTOR OSCILLATING
52025-M1 MCC
MOTOR
CLEANING DOCTOR OSCILLATING
52030-M1 MCC
MOTOR
3.5.3 Group BROKE CHUTE


54529-YV1 BROKE CHUTE LOCK VALVE +VB54501
54529-YV2-A BROKE CHUTE OPEN VALVE +VB54501
54529-YV2-B BROKE CHUTE CLOSE VALVE +VB54501
3.5.4 Group BURNERS STOP (BURNER WET and BURNER DRY)


Hardware
contact for G1 WET/DRY HOOD BURNER Burner box
and G2

ESSITY MONTERREY
3.5.5 Group pope reel movement REEL-S1

See pope reel safety logic







DP0016633 - 02-EPHTT2 - FIBER AREA and MACHINE DESCRIPTIVE SAFETY LOGICS

Uploaded by

Copyright:

Available Formats

DP0016633 - 02-EPHTT2 - FIBER AREA and MACHINE DESCRIPTIVE SAFETY LOGICS

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DP0016633 - 02-EPHTT2 - FIBER AREA and MACHINE DESCRIPTIVE SAFETY LOGICS

Uploaded by

Copyright:

Available Formats

ESSITY MONTERREY

Safety function logic

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

1.1 General indication __________________________________________________________________________ 4

2 FIBER AREA ______________________________________________________________________________________ 5

2.1 Flotation area emergency stop ________________________________________________________________ 5

2.2 Pulper area emergency stop __________________________________________________________________ 8

2.4 Fiber Area Safety group _____________________________________________________________________ 14

3.1 Emergency Stop Function MAC_ESTOP_________________________________________________________ 18

3.2 Broke Pulper ______________________________________________________________________________ 22

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

3.2.1 54550 -ZQ1 Safety Gate UM broke pulper T.S. _______________________________________________ 22

3.3 Burners stop (to be verified with the customer) _________________________________________________ 25

3.4 Extinguisher (to be verified with the customer)__________________________________________________ 27

3.5 Machine Safety group ______________________________________________________________________ 29

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

1.1.2 Gate condition

1.1.3 Reset condition

1.1.4 Limit switch or sensor engaged definition

The meaning of sensor switch engaged is: the sensor IS SENSING

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.1.2 Safety input

2.1.3 Safety output

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.1.4 Condition to reset the emergency stop

2.1.5 Testing procedure

2.1.6 Flotation emergency safety signals mirroring

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.2 Pulper area emergency stop

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.2.2 Safety input

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

Belt Conveyor Safety

2.2.3 Safety output

2.2.4 Condition to reset the emergency stop

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.2.5 Testing procedure

2.2.6 Pulper emergency safety signals mirroring

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.3.2 “Light curtain violated” signal definition

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.3.3 Light curtain safety groups cutting

When the ChainConveyorLightCurtainViolated is OFF, the outputs are de-energized.

2.3.4 Condition to reset the light curtain

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.4 Fiber Area Safety group

Tag Description Location

Tag Description Location

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

2.4.3 Group E-STOP CONVEYORS

Tag Description Location

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC

3.1 Emergency Stop Function MAC_ESTOP

3.1.2 Safety Input

Author-Date: F.R – 11/10/2021 DESCRIPTIVE LOGIC