Safety Concept

The safety concept assumes the following requirements.
  • You are responsible to create, operate, and maintain the safety application.
  • You are fully qualified, specially trained, and experienced in safety systems.
  • You apply the logic correctly to detect programming errors through strict adherence to specifications, programming, and naming rules.
  • You must confirm that the Ladder Diagram logic is entered correctly in
    FactoryTalk® Design Studio
    . Use the Code Editor and Commit History comparison tools to review the textual representation of the logic code. We strongly recommend that multiple people review the code.
  • You must confirm that the safety-related parameters (safety-related properties of safety objects and safety tag values) are correct in the safety controller before you generate a safety signature. These values can change after application deployment. Use the Safety Confirmation Report to review the parameters (see Confirm the Project).
  • You perform a critical analysis of the application and use all possible measures to detect a failure.
  • You confirm all application deployments with a manual check of the safety signature.
  • You perform a complete functional test of the entire system before the operational startup of a safety-related system. This test includes, but is not limited to, the following.
    • Validate that the overall functionality of the implemented safety functions, including I/O configuration via Add-on Profiles, beyond the limits of the individual devices (boundary testing).
    • Verify that the correct versions of software are used.
Safety Controller Status
Status
Safety Rating (Up to and Including)
Controller Behavior
No signature
Only for development purposes
  • Safety memory is isolated, but is unprotected (read/write).
  • Deploy allowed if a major firmware revision of the offline controller matches the target controller.
Unlocked with signature
SIL 3/PLe/Cat. 4 control reliable
  • Safety memory is protected (read-only).
  • Safety signature is unprotected and anyone with the correct permission can delete it.
  • Deploy allowed if major firmware revision of the offline controller matches the target controller.
Locked with signature
SIL 3/PLe/Cat. 4 control reliable
  • Safety memory is protected (read-only).
  • Safety signature is protected.
  • Deploy is allowed if the major and minor firmware revision and signature of the offline project match the target controller, the controller is safety-locked, and the safety task status of the controller is OK.
IMPORTANT: To achieve the safety ratings listed in Table 1, you must adhere to the safety requirements defined in this safety reference documentation.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal