Safety Application Lock/Unlock
Your safety controller must be online to access these functions. See Online Workspace.
You must first have a safety signature before you can lock the safety controller. To
lock or unlock the safety controller, select Lock or Unlock on the Safety tab of the
Device properties of the Safety Controller Profile.
The default state of the controller is safety-unlocked. We recommend that you
safety-lock the controller to help prevent the safety signature from being deleted
accidentally. However, safety-locking the controller is not a requirement for SIL 2
or SIL 3.
The safety-lock/unlock feature applies only to the safety components, such as the
safety task, safety programs, safety routines, safety tags, safety I/O, and safety signature. No aspect of
safety can be modified while the controller is in the safety-locked state.
When the controller is safety-locked, the following actions are not permitted.
- Update the firmware
- Deleting the safety signature
IMPORTANT:
- If the application is safety-locked, only applications that have not had any safety changes can be deployed to the controller.FactoryTalk® Design Studio™reapplies the signature and lock. You must verify the signature after every deploy.
- If the application is safety-locked and there have been safety changes, deployment is not allowed. You must manually safety-unlock.
- If a signed application has had safety changes, it can be deployed only after you acknowledge deletion of the signature.FactoryTalk® Design Studio™deletes the signature, proceeds with the deployment, and leaves the controller unsigned.
Safety-lock and safety-unlock actions are logged in the controller
log.
Restricted Access to Safety Lock/Unlock
To provide additional layers of protection, you can restrict access to safety-lock
and safety-unlock functionality using RBAC. To comply with IEC-62443-4-2 SL 1
security certification, you must configure restricted access to safety-lock and
safety-unlock actions in User Management. For information about setting these
permissions, see Managing User Roles and Access.
Provide Feedback