Logix SIS Safety Faults
Logix SIS can experience the following types of faults.
Major Nonrecoverable Faults
A major nonrecoverable fault typically indicates that one controller has a hardware or program fault that prevents operation. For example, if a safety diagnostic detects a problem in the hardware, a major nonrecoverable fault occurs. In this case, the system attempts to execute the safety task on the other controller while the faulted controller shuts down.
Safety Program Faults
Because the safety task executes concurrently on the primary and secondary controllers, most safety program faults occur on both controllers in the same scan, but at slightly different times. Examples of safety program faults include programming issues or safety task watchdog faults.
A safety program fault on both controllers has one of the following results:
- If the fault first occurs on the secondary controller, the redundant chassis pair becomes disqualified.
- If the fault first occurs on the primary controller, then a switchover occurs.
Cross-compare Faults
During synchronized operation between a primary and secondary controller, the controllers cross-check the results of the safety task. If the cross-check fails, a fault occurs and both controllers shut down.
Loss-of-safety Faults
If a loss of redundancy occurs, the safety function is temporarily muted while the system determines the controller to become the lone primary. If the safety task cannot determine the new primary within a certain amount of time, a fault occurs.
For more information about safety function muting, see Safety Function Muting.
View Faults
The Recent Faults dialog box on the Major Faults tab of the Controller Properties dialog box contains two subtabs, one for standard faults and one for safety faults.
The status display on the controller also shows fault codes with a brief status message. For more information about status indicators, see the controller user manual.
Fault Codes
Safety controllers show fault codes on the Major Faults tab of the Controller Properties dialog box and in the MAJORFAULTRECORD or MINORFAULTRECORD attribute of the PROGRAM object, which a program can read with a GSV instruction.
IMPORTANT:
This manual links to Logix 5000 Controller and I/O Fault Codes and Syslog Messages, 1756-RD001; the file automatically downloads when you click the link.
Override Safety Faults
To enable standard tasks to continue after a safety fault, you can override the safety fault in the controller-scoped fault handler. Before you override a safety fault in Logix SIS, consider the following:
- Standard task impact—The controller-scoped fault handler runs only on the primary controller. If you override a safety fault from the controller-scoped fault handler, standard tasks continue only on the primary controller, and the redundant chassis pair becomes disqualified.
- Safety task impact—If you override a safety fault from the controller-scoped fault handler, the safety task stops on both controllers.
ATTENTION:
Overriding a safety fault does not clear the fault. If you override a safety fault, it is your responsibility to prove that operation of your system is still safe.
You must provide proof to your certifying agency that your system can continue to operate safely after an override of a safety fault.
You must clear the safety fault to start the safety function again, and you must requalify the system to restore safety task execution on both controllers to meet SIL 3 requirements.
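The following Structured Text routine is an added example of a controller-scoped fault handler that applies the points above; it is not code from the manual or from Rockwell Automation. It assumes the MAJORFAULTRECORD layout used by Logix 5000 controllers (DINT[11]: TimeLow, TimeHigh, Type, Code, then Info), the SAFETY_FAULT_TYPE value must be confirmed against the Type values listed in 1756-RD001, and the tags FaultRecord, FaultLog, LogIndex, i, OverrideAuthorized, SafetyFaultOverridden and LastSafetyFaultCode are hypothetical tags you would create in the project. The routine records every major fault, and for a safety fault it overrides the fault only when a deliberate, documented authorization tag is set; it never treats the override as having cleared the fault.

```iecst
(* Added example: controller fault handler routine (Structured Text).
   Assumed MAJORFAULTRECORD layout (DINT[11]):
     [0] TimeLow  [1] TimeHigh  [2] Type  [3] Code  [4..10] Info
   Assumed tags (controller scope):
     FaultRecord           : DINT[11]   -- working copy of the record
     FaultLog              : DINT[8,11] -- constructed ring buffer of recent records
     LogIndex              : DINT
     i                     : DINT       -- loop index
     SAFETY_FAULT_TYPE     : DINT       -- assumption: confirm against 1756-RD001
     OverrideAuthorized    : BOOL       -- hypothetical, set only by a deliberate action
     SafetyFaultOverridden : BOOL       -- latched for HMI/alarm; reset only on requalification
     LastSafetyFaultCode   : DINT *)

(* Read the major fault record for this program (the fault handler). *)
GSV(PROGRAM, THIS, MAJORFAULTRECORD, FaultRecord[0]);

(* Keep a copy of the whole record before anything modifies it. *)
FOR i := 0 TO 10 DO
    FaultLog[LogIndex, i] := FaultRecord[i];
END_FOR;
LogIndex := (LogIndex + 1) MOD 8;

IF FaultRecord[2] = SAFETY_FAULT_TYPE THEN
    LastSafetyFaultCode := FaultRecord[3];

    IF OverrideAuthorized THEN
        (* Override: standard tasks continue on the primary controller only,
           the safety task stops on both controllers, and the redundant chassis
           pair becomes disqualified. The safety fault itself is NOT cleared;
           the safety function restarts only after the fault is cleared and
           the system is requalified. *)
        SafetyFaultOverridden := 1;
        (* Assumed override mechanism: write Type and Code back as 0. *)
        FaultRecord[2] := 0;
        FaultRecord[3] := 0;
        SSV(PROGRAM, THIS, MAJORFAULTRECORD, FaultRecord[0]);
    END_IF;
    (* With no authorization the record is left untouched and the
       controller remains faulted. *)
END_IF;
```

OverrideAuthorized is deliberately a separate tag rather than a constant so that the decision to keep standard tasks running after a safety fault is an explicit, auditable action, and SafetyFaultOverridden stays latched so operators and the HMI can see that the safety task is stopped on both controllers until the fault is cleared and the pair is requalified.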