Safety Application Lock/Unlock

Your safety controller must be online to access these functions. See Online Workspace.
You must first have a safety signature before you can lock the safety controller. To lock or unlock the safety controller, select Lock or Unlock on the Safety tab of the Device properties of the Safety Controller Profile.
The default state of the controller is safety-unlocked. We recommend that you safety-lock the controller to help prevent the safety signature from being deleted accidentally. However, safety-locking the controller is not a requirement for SIL 2 or SIL 3.
The safety-lock/unlock feature applies only to the safety components, such as the safety task, safety programs, safety routines, safety tags, safety I/O, and safety signature. No aspect of safety can be modified while the controller is in the safety-locked state.
When the controller is safety-locked, the following actions are not permitted.
  • Update the firmware
  • Deleting the safety signature
IMPORTANT:
  • If the application is safety-locked, only applications that have not had any safety changes can be deployed to the controller.
    FactoryTalk® Design Studio
    reapplies the signature and lock. You must verify the signature after every deploy.
  • If the application is safety-locked and there have been safety changes, deployment is not allowed. You must manually safety-unlock.
  • If a signed application has had safety changes, it can be deployed only after you acknowledge deletion of the signature.
    FactoryTalk® Design Studio
    deletes the signature, proceeds with the deployment, and leaves the controller unsigned.
Safety-lock and safety-unlock actions are logged in the controller log.

Restricted Access to Safety Lock/Unlock

To provide additional layers of protection, you can restrict access to safety-lock and safety-unlock functionality using RBAC. To comply with IEC-62443-4-2 SL 1 security certification, you must configure restricted access to safety-lock and safety-unlock actions in User Management. For information about setting these permissions, see Managing User Roles and Access.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal