Safety Functions of Logix SIS Components

The following sections discuss the safety functions of Logix SIS components.
For supported catalog numbers and configuration requirements for Logix SIS system components, see the Redundancy Systems User Manual, publication 1756-UM015.

Redundant Safety Controllers

Redundant safety controllers provide the following:
  • Control for safety-related functions in the system.
  • Powerup and runtime functional-diagnostic tests of all safety-related components in the controller.

Redundant Chassis

The redundant chassis provides the physical connections between modules and the system. Any failure is detected as a failure by one or more of the active components of the system. As a result, the chassis is not relevant to the safety discussion.

Redundant Power Supplies

No extra configuration or wiring is required for SIL 2 or SIL 3 operation of redundant power supplies. Any failure is detected as a failure by one or more of the active components of the system. As a result, the power supply is not relevant to the safety discussion.

Communication Modules

Logix SIS uses EtherNet/IP communication modules to control and exchange safety data on the EtherNet/IP network.
IMPORTANT: The EtherNet/IP connection from the front port of a safety controller is not supported.
For communication with remote FLEX 5000® safety I/O, Logix SIS requires that you use one of the following communication modules that is configured for concurrent communication:
1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT
Standard I/O modules that communicate via concurrent communication are supported on the same communication modules.
For more information, see Concurrent Communication in Logix SIS.

Safety I/O

To perform safety I/O functions, redundancy-enabled safety controllers can interface only with remote FLEX 5000 safety I/O modules through communication modules that are configured for concurrent communication. These requirements enable a safety controller to execute safety I/O functions without disruption if a loss of redundancy occurs.
Safety I/O devices, like sensors and actuators, can be connected to remote safety I/O modules. The safety controller monitors and controls the devices.
Safety I/O communication uses the CIP Safety™ protocol. Safety logic is processed in the safety controller.
For more information, see Safety I/O.

Human Machine Interfaces

Follow these precautions and guidelines for HMI devices in SIL-rated safety systems.
In SIL-rated safety systems, you must exercise precautions and implement specific techniques on HMI devices. These precautions include, but are not restricted to, the following:
  • Limited access and security
  • Specifications, testing, and validation
  • Restrictions on data and access
  • Limits on data and parameters
Use sound techniques in the application software within the HMI and controller.
HMI-related functions consist of two primary activities:
  • Reading data
  • Writing data
Reading data is unrestricted because reading does not affect the behavior of the safety system. However, the number, frequency, and size of the data being read can affect controller availability. To avoid safety-related spurious trips, use good communication practices to limit the impact of communication processing on the controller. Do not set read rates to the fastest rate possible.