System Status
You can monitor the system status with the following diagnostic tools.
IMPORTANT:
It is your responsibility to determine what data is most appropriate to initiate a shutdown sequence.
Safety I/O Module Diagnostics
IMPORTANT:
You are responsible for providing application logic to latch I/O failures and to verify that the system restarts properly.
Safety I/O modules provide pulse test and monitoring capabilities. If the module detects a failure, it sets the offending input or output to its safe state and reports the failure to the controller. The failure indication is made via input or output status and is maintained for a configurable amount of time after the failure is repaired.
I/O Device Connection Status
IMPORTANT:
You are responsible for providing application logic to latch I/O failures and to verify that the system restarts properly.
The CIP Safety™ protocol allows the recipients of I/O data to determine the status of that data:
- The controller detects input connection failures and then sets all input data to the safe state and the associated input status to faulted.
- The output device detects output connection failures and then de-energizes its outputs.
- Generally, the safety controller also has input connections from output devices. The safety controller determines the status of these input connections, but the input connection status is not the primary mechanism to de-energize outputs.
De-energize to Trip System
Safety controllers are part of a de-energize to trip system, which means that zero is the safe state. Some, but not all, safety I/O device faults cause all device inputs or outputs to be set to the safe state. Faults that are associated with a specific input channel result in that specific channel being set to the safe state. For example, a pulse test fault that is specific to channel 0 results in channel 0 input data being set to the safe state. If a fault is general to the device and not to a specific channel, the combined status bit displays the fault status and all device data is set to the safe state.
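The following scan-by-scan model illustrates the latching and restart logic that the IMPORTANT notes above leave to the application. It is an added example, not taken from this manual or from controller code. The names FaultLatch, status_ok, conn_ok, and reset are hypothetical, and representing a healthy status as True is an assumption of this model.

```python
from dataclasses import dataclass

SAFE_STATE = False  # de-energize to trip: zero is the safe state


@dataclass
class FaultLatch:
    """Scan-based model: latch an I/O fault until a deliberate reset."""
    latched: bool = True      # start tripped, so power-up also needs a reset
    prev_reset: bool = False  # reset input on the previous scan (edge detect)

    def scan(self, data, status_ok, conn_ok, reset):
        """Evaluate one scan; return the value allowed through to the output."""
        healthy = status_ok and conn_ok
        rising = reset and not self.prev_reset
        self.prev_reset = reset
        if not healthy:
            self.latched = True    # channel or connection fault: trip and hold
        elif rising:
            self.latched = False   # fresh reset edge while healthy: restart
        return SAFE_STATE if self.latched else data


def run(trace):
    """Feed (data, status_ok, conn_ok, reset) scans through one latch."""
    latch = FaultLatch()
    return [latch.scan(*step) for step in trace]


# Constructed scan trace (assumed values, not captured from a controller).
TRACE = [
    (True, True, True, False),   # power-up: latched, output held off
    (True, True, True, True),    # reset edge while healthy: output follows data
    (True, True, True, True),    # reset held: still running
    (True, False, True, True),   # channel status faulted: trip
    (True, True, True, True),    # status recovered, reset stuck high: stay off
    (True, True, True, False),   # reset released: stay off
    (True, True, False, True),   # reset edge during connection fault: ignored
    (True, True, True, True),    # connection back, no new edge: stay off
    (True, True, True, False),   # reset released again
    (True, True, True, True),    # fresh edge while healthy: restart
]

if __name__ == "__main__":
    for step, out in zip(TRACE, run(TRACE)):
        print(step, "->", out)
```

Because the module clears its failure indication on its own after the configured hold time, the output would re-energize without operator action if the latch were removed from this model.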
Get System Value (GSV) and Set System Value (SSV) Instructions
The GSV and SSV instructions let you get (GSV) and set (SSV) controller system data that is stored in device objects. When you enter a GSV/SSV instruction, the programming software displays the valid object classes, object names, and attribute names for each instruction. Restrictions exist for using the GSV and SSV instructions with safety components.
IMPORTANT:
With firmware revision 37, even when your system functions at a SIL 3 level, the SafetySILConfiguration attribute always shows a SIL 2 value. This value is expected because it reflects the Safety Level setting in the controller properties. A SIL2/PLd safety level is the required configuration for safety controllers that are enabled for redundancy.
With firmware revision 38, even when your system functions at a SIL 2 level, the SafetySILConfiguration attribute always shows a SIL 3 value.
IMPORTANT:
The safety task cannot perform GSV or SSV operations on standard attributes.
The attributes of safety objects that the standard task can write are only for diagnostic purposes. They do not affect safety task execution.
For more information about GSV and SSV instructions, see the Logix 5000 Controllers General Instructions Reference Manual, publication 1756-RM003.