Rockwell Automation AADvance Controller Safety Manual User Manual
Document: 553630
ICSTT-RM446K-EN-P Issue: 10_C
Safety Manual (AADvance Controller)
| Description | Yes/No |
|---|---|
| Has guidance been followed to ensure that SIL3 signals are shut down outside the time limit imposed by the MTTR assumed for the PFD calculations? | |
| Has the "Hold Last State" been set up for the Digital Output channels and, if so, has the effect on the safety functions been taken into account? | |
| Has input or output forcing been used on any channels, and has the effect on the safety function been fully taken into account so that it does not jeopardize functional safety? | |
| Has a method of manually removing a forced condition (e.g. manually operated switches) been set up to remove the forced condition on safety related inputs? | |
Processor and Application Checklist
| Description | Yes/No |
|---|---|
| If bindings communications is used, are the timeouts set to a response time within the required PST? | |
| Have dual/triple processors been configured for SIL3 and high demand applications? | |
| Have you recommended shut down actions for single module configuration outside of the MTTR assumed for the PFD calculations? | |
| Has security protection been used to prevent unauthorized access to the application programs? | |
| Have full branch and data tests been carried out on IL and ST program flow functions? | |
| Have safety related control programs been implemented within separate programs from non-safety related control elements? | |
| Is the data flow programmed so that it goes from Safety functions to non-safety functions? | |
| Are the processor modules loaded with the latest firmware versions? | |
| Are all processors using the same firmware versions? | |
| Do the application programs ensure that all safety related elements are in their safe state during start up? | |
| Have alternate protection measures been considered for safety related functions should you need to do an on-line change? | |