Functional safety assessment, Safety integrity design – Rockwell Automation AADvance Controller Safety Manual User Manual

2-8

Document: 553630 ICSTT-RM446K-EN-P Issue: 10

Safety Manual (AADvance Controller)


Functional Safety Assessment

The functional safety assessment shall confirm the effectiveness of the functional safety performance of the system. The assessment, in this context, is limited to the safety-related system and should confirm that the system is designed, constructed and installed in accordance with the specified safety requirements.

The assessment shall consider each required safety function and its associated safety properties. The effects of faults and errors within the system and application programs, failures external to the system and procedural deficiencies in these safety functions are to be considered.

The assessment is to be carried out by an audit team that shall include independent assessors from outside of the project. At least one functional safety assessment shall be performed before the start-up of the system and the introduction of any potential hazards.

Safety Integrity Design

Safety Integrity

The architecture of the AADvance system has been designed to allow a scalable system to be configured using standard components. The configurations available range from simplex fail-safe to TMR (triple modular redundant) fault tolerance.

The processor module has been designed to meet the requirements for SIL2 with one, two or three processor modules, and SIL3 when two or three modules are fitted. Input and output modules have been designed to meet SIL3 requirements with a single module in a fail-safe mode.

The processor module and the individual I/O modules have built-in redundancy and have been designed to withstand multiple faults and to support a fixed on-line repair-by-replacement configuration in dual and triple modular redundant configurations. The input and output modules support a number of architecture options; the effects of the chosen architecture should be evaluated against the system-specific and application-specific requirements.