
Rockwell Automation AADvance Controller Safety Manual User Manual


Document: 553630

ICSTT-RM446K-EN-P Issue: 10_C

Safety Manual (AADvance Controller)


Certain applications may require energize to action for inputs and/or outputs. Energize to action configurations shall only be used if the following restrictions apply:

- At least two independent power sources must be used. These power sources must provide emergency power for a safe process shutdown or a time span required by the application.
- Each power source must be provided with power integrity monitoring with safety critical input read back into the system controller or implicit power monitoring provided by the I/O modules. Any power failure shall lead to an alarm.
- Unless provided implicitly in the I/O modules, all safety critical inputs and outputs must be fitted with external line and load integrity monitoring and safety critical read back of the line-status signals. Any line or load failure shall lead to an alarm.
- For SIL3 energize to trip applications a minimum of dual output modules shall be used.

In cases where one or more outputs are used in an energize to action configuration, all the specific requirements above shall be followed for all associated inputs.

Controller Process Safety Time (PST)

The Process Safety Time (PST) setting defines the maximum time that the processor will allow the outputs to remain in the ON state in the event of certain internal diagnostic faults or systematic application faults. If the process safety time expires, the system will go to its safe state. You have to specify the PST for the whole controller. This is a top-level setting that you make once for the whole controller, and it is set at the processor module. I/O modules can be set at a lower PST but must not exceed this overall setting.

An AADvance controller adopts a default PST value of 2500ms. The system integrator can use the following method to confirm whether this is acceptable and adjust as necessary.

The value of PST for the controller is governed by this equation:

where PSTeuc is the process safety time for the equipment under control. As an example, consider a system function using one sensor and one actuator given the following parameters:

PSTeuc: 10,000ms