Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual

SAFETY MANUAL

Doc Number T8094
Issue 27 – June 2013

Page 75 of 103

8.2.2.2 Multiple Input / Output Safety Configuration

Where the safety integrity level requires multiple sensors and final elements for a
safety loop, the configurations will be as follows.

8.2.2.3 Dual Sensors

These will be voted by the application logic in a 1oo2 manner such that either sensor
providing an alarm status requires a shutdown.

Where the sensor diagnostics provide fault status then the safety loop may revert to a
1oo1 voting on the good sensor for the time constraint of the sensor's safety loop. At
the termination of this time constraint the loop will demand a shutdown.

A single remaining sensor going into fault will demand an immediate shutdown.

8.2.2.4 Triplicated Sensors

These will be voted on a 2oo3 basis by the application logic; however, once a sensor
has been voted as bad, the voting logic will revert to a 1oo2 vote on the remaining two
sensors following the strategy determined for dual sensors.
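
The degradation sequence described in 8.2.2.3 and 8.2.2.4 (2oo3, then 1oo2, then time-limited 1oo1, then shutdown) can be sketched as follows. This is an added illustration in Python, not code from the manual or from the 8000 Series toolset; the names `S`, `shutdown_demanded`, `single_sensor_s` and `time_constraint_s` are assumptions, and a sensor "voted as bad" is modelled simply as a `FAULT` status.

```python
from enum import Enum

class S(Enum):
    OK = "ok"
    ALARM = "alarm"
    FAULT = "fault"   # sensor diagnostics report the sensor as bad

def shutdown_demanded(sensors, single_sensor_s=0.0, time_constraint_s=0.0):
    """Return True when the voted sensor group demands a shutdown.

    sensors           -- two or three S values (dual or triplicated group)
    single_sensor_s   -- seconds the group has run on one good sensor (assumed input)
    time_constraint_s -- time constraint of the sensor's safety loop (assumed input)

    The defaults fail safe: with no time constraint given, a group that is
    down to one good sensor demands a shutdown straight away.
    """
    if len(sensors) not in (2, 3):
        raise ValueError("expected a dual or triplicated sensor group")
    good = [s for s in sensors if s is not S.FAULT]
    alarms = sum(1 for s in good if s is S.ALARM)

    if len(good) == 3:      # 8.2.2.4: 2oo3 while all three sensors are good
        return alarms >= 2
    if len(good) == 2:      # 8.2.2.3, or a 2oo3 group with one bad sensor: 1oo2
        return alarms >= 1
    if len(good) == 1:      # 1oo1 on the good sensor until the constraint expires
        return alarms >= 1 or single_sensor_s >= time_constraint_s
    return True             # last remaining sensor in fault: immediate shutdown

if __name__ == "__main__":
    # Constructed scenarios: (sensor states, seconds on one sensor, constraint)
    cases = [
        ([S.OK, S.ALARM, S.OK], 0, 60),       # 2oo3, single alarm
        ([S.FAULT, S.ALARM, S.OK], 0, 60),    # degraded to 1oo2
        ([S.OK, S.FAULT], 10, 60),            # 1oo1 inside the constraint
        ([S.OK, S.FAULT], 60, 60),            # constraint expired
        ([S.FAULT, S.FAULT], 0, 60),          # no good sensor left
    ]
    for states, elapsed, limit in cases:
        names = [s.name for s in states]
        print(names, elapsed, limit, "->", shutdown_demanded(states, elapsed, limit))
```
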

8.2.2.5 Dual Final Elements

These are to be configured in a 1oo2 manner such that either output requires a
shutdown.

8.2.2.6 Hot Repair Adapters

Wherever dual slot hot repair facilities are required, the hot repair adapter boards must
be fitted on the chassis backplane.