Safety Applications

The safety concept assumes the following requirements:
  • You are responsible for creating, operating, and maintaining the safety application.
  • You are fully qualified, specially trained, and experienced in safety systems.
  • You apply the logic correctly and detect programming errors through strict adherence to specifications, programming rules, and naming rules.
  • You perform a critical analysis of the application and use all possible measures to detect a failure.
  • You confirm all application downloads via a manual check of the safety signature.
  • You perform a complete functional test of the entire system before the operational startup of a safety-related system. This test includes, but is not limited to, the following:
    • Validate the overall functionality of the implemented safety functions, including I/O configuration via Add-On Profiles, beyond the limits of the individual devices (boundary testing).
    • Verify that the correct versions of software are used.
Effect of Controller Modes on Safety Execution

Controller Mode: Program
Controller Safety Execution:
  • Safety input and output connections are established and maintained. Safety input tags are updated to reflect safety input values.
  • Safety mapped tags are updated to reflect the standard controller tag values.
  • Safety task logic is not being scanned.

Controller Mode: Test
Controller Safety Execution:
  • Safety input and output connections are established and maintained. Safety input tags are updated to reflect safety input values.
  • Safety mapped tags are updated to reflect the standard controller tag values.
  • Safety task logic is being scanned.

Controller Mode: Run
Controller Safety Execution:
  • Safety input and output connections are established and maintained:
    • Safety input tags are updated to reflect safety input values.
    • The controller sends 'run' safety output packets.
  • Safety mapped tags are updated to reflect the standard controller tag values.
  • Safety task logic is being scanned.
  • All safety task logic is processed and the logic outputs are cross-compared. Logic outputs are written to safety outputs.
Safety Application Status

Safety Task Status: Unlocked no signature
Safety Rating¹ (Up to and Including): Only for development purposes
Controller Behavior:
  • Safety I/O forces can be present.
  • Safety I/O forces can be modified.
  • Safety online editing is allowed.
  • Safety memory is isolated, but is unprotected (read/write).
  • Download allowed if the major firmware revision of the offline project matches the target controller.

Safety Task Status: Locked no signature
Safety Rating¹ (Up to and Including): Only for development purposes
Controller Behavior:
  • Safety I/O forces are not allowed. Forces of safety I/O must be removed before locking is possible.
  • Online editing of the safety task is not allowed.
  • Safety memory is protected (read-only).
  • Download is not allowed.

Safety Task Status: Unlocked with signature
Safety Rating¹ (Up to and Including): SIL 2/SIL 3 (per controller)
Controller Behavior:
  • Safety I/O forces are not allowed. Forces of safety I/O must be removed before locking is possible.
  • Online editing of the safety task is not allowed.
  • Safety memory is protected (read-only).
  • Safety signature is unprotected, and anyone who has access to the controller can delete it.
  • Download allowed if the major firmware revision of the offline project matches the target controller.

Safety Task Status: Locked with signature
Safety Rating¹ (Up to and Including): SIL 2/SIL 3 (per controller)
Controller Behavior:
  • Safety I/O forces are not allowed.
  • Online editing of the safety task is not allowed.
  • Safety memory is protected (read-only).
  • Safety signature is protected. You must enter the unlock password to unlock the controller before you can delete the safety signature.
  • Download is allowed if the major and minor firmware revision and signature of the offline project match the target controller, the project is safety-locked, and the safety task status of the controller is OK.
IMPORTANT: If the controller is safety-locked and the safety-unlock password is lost and a download is needed, you must perform a Stage 1 reset of the controller.
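The download rules in the status table above differ by safety task status: the unlocked states need only a matching major firmware revision, the locked-without-signature state never accepts a download, and the locked-with-signature state requires major and minor revision, signature, project lock state and controller task status to all line up. The following is an added example (not the vendor's code or API) of how a commissioning pre-flight check might encode those rules so a mismatch is refused before any download is attempted. All field names, the signature string format and the sample firmware revision numbers are constructed assumptions for illustration.

```python
"""Pre-download check modelling the 'Safety Application Status' table.

Constructed example: encodes the download rules stated for each safety task
status so a commissioning tool can refuse a download before touching the
controller. Field names, the signature format and the sample firmware
revisions are assumptions for illustration, not a vendor API.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class SafetyTaskStatus(Enum):
    UNLOCKED_NO_SIGNATURE = "Unlocked no signature"
    LOCKED_NO_SIGNATURE = "Locked no signature"
    UNLOCKED_WITH_SIGNATURE = "Unlocked with signature"
    LOCKED_WITH_SIGNATURE = "Locked with signature"


@dataclass(frozen=True)
class ControllerState:
    """What the target controller reports (field names are assumed)."""
    status: SafetyTaskStatus
    fw_major: int
    fw_minor: int
    safety_signature: Optional[str]  # None when no signature is present
    safety_task_ok: bool


@dataclass(frozen=True)
class OfflineProject:
    """What the offline project carries (field names are assumed)."""
    fw_major: int
    fw_minor: int
    safety_signature: Optional[str]
    safety_locked: bool


def forces_and_online_edits_allowed(status: SafetyTaskStatus) -> bool:
    """Per the table, only the unlocked, unsigned development state permits
    safety I/O forces and online editing of the safety task."""
    return status is SafetyTaskStatus.UNLOCKED_NO_SIGNATURE


def download_allowed(ctrl: ControllerState, proj: OfflineProject) -> Tuple[bool, str]:
    """Return (allowed, reason) for the given controller/project pair."""
    if ctrl.status is SafetyTaskStatus.LOCKED_NO_SIGNATURE:
        return False, "download is not allowed while locked without a signature"

    # Every other state requires at least the major firmware revision to match.
    if ctrl.fw_major != proj.fw_major:
        return False, f"major firmware revision mismatch ({proj.fw_major} vs {ctrl.fw_major})"

    if ctrl.status in (SafetyTaskStatus.UNLOCKED_NO_SIGNATURE,
                       SafetyTaskStatus.UNLOCKED_WITH_SIGNATURE):
        return True, "unlocked: major firmware revision matches"

    # Locked with signature: every condition in the table must hold.
    if ctrl.fw_minor != proj.fw_minor:
        return False, f"minor firmware revision mismatch ({proj.fw_minor} vs {ctrl.fw_minor})"
    if ctrl.safety_signature is None or ctrl.safety_signature != proj.safety_signature:
        return False, "safety signature of the offline project does not match the controller"
    if not proj.safety_locked:
        return False, "offline project is not safety-locked"
    if not ctrl.safety_task_ok:
        return False, "controller safety task status is not OK"
    return True, "locked with signature: revision, signature, lock and task status all match"


if __name__ == "__main__":
    # Constructed sample values; revision 31.11 and the signature string are made up.
    ctrl = ControllerState(SafetyTaskStatus.LOCKED_WITH_SIGNATURE, 31, 11, "SIG-EXAMPLE-0001", True)
    for proj in (
        OfflineProject(31, 11, "SIG-EXAMPLE-0001", True),   # matches on every point
        OfflineProject(31, 12, "SIG-EXAMPLE-0001", True),   # minor revision differs
        OfflineProject(31, 11, "SIG-OTHER", True),          # signature differs
        OfflineProject(31, 11, "SIG-EXAMPLE-0001", False),  # project not safety-locked
    ):
        print(proj, "->", download_allowed(ctrl, proj))
```

The check is deliberately conservative: an unknown or partially populated controller state falls through to a refusal with a reason string, which is what an operator needs to see before deciding whether the signature itself should be re-verified by hand as the requirements list above demands.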