The safety encoder makes it possible for the other components to monitor the speed, direction, and position of the motor and/or load and provide feedback if conditions meet a predefined unsafe state. Although the safety controller and/or safety-enabled drive control the process, they are limited without feedback from a safety-rated encoder. Strictly speaking, a safety-rated encoder is certified to the appropriate safety standard; for example, the ACURO AD37 encoder protocol is certified to IEC 61508, SIL3 and ISO 13849, Cat. 3 PLe. Practically speaking, a safety encoder includes:
Safe mechanical interface: Typically oversized or redundant, e.g. the use of a key way and a locking collar
On-board sensors to monitor other equipment: temperature sensor to evaluate motor windings
Dual sensing mechanisms to prevent common-cause failure: a digital absolute optical sensor and an incremental analog optical sensor
Two separate channels to route that data through the encoder: one channel to transmit absolute digital data and the second channel to transmit incremental analog data and diagnostic data from on high for board sensors
A safety-rated electrical interface to transmit data from the slave encoder to the master (drive or PLC)
A safety-rated communications protocol
MTTF of XX
On-board diagnostics/self test
It is important to remember that safety level of the system is only as good as its least-reliable element. Linking a SIL3 encoder to components that have lower safety ratings will not result in a SIL3 system.