beautypg.com

Rockwell Automation AADvance Controller Safety Manual User Manual

Page 84

background image

4-28

Document: 553630

ICSTT-RM446K-EN-P Issue: 10

_C

Safety Manual (AADvance Controller)


Reactions to faults in the input modules

When an input channel is not capable of reporting a voltage within a safety
accuracy specification of 1% of the full scale measurement range, then the

module returns safe values to the processor. Signals go to a safe state if the

module scan time exceeds the PST (refer to "Input Module Safety Accuracy"
for safe state details). All I/O modules provide front panel indications, store

fault codes in the fault log and can also report via the workbench application

variables. The following status information is provided:

module presence

module health and status

channel health and status

field faults

an echo of the front panel indicators for each module

Availability of input modules

Input modules support redundancy when configured for dual or triple

operation using the appropriate termination assembly. Redundant input

modules may be inserted or removed at any time without any impact on the
safety function of the system. Redundant input modules operate independently

providing independent values of the input values to the processor module.

Termination Assemblies

The termination assemblies are safety critical and provide termination for 16

channels. They connect the field signals to the input modules. The simplex

version connects each input channel to one input module, the dual TA routes
them to two input modules and the triple TA to three input modules.
Digital and analogue input TA circuits both have fuse protection and a high

reliability input load for each channel.

Input Module Safety Accuracy

The input modules determine the channel state and the line fault state by

comparing the input reported values with user programmed threshold values.

When triple analogue input modules are used and active, the system adopts
the median value. When dual modules are used, the lowest reported value is

used. The discrepancy between the redundant channels' measurements are

monitored to determine if they are within the safety accuracy limit.
When the safety accuracy within a channel is detected outside the following

limits then that channel is set to a fail-safe state.

Digital Input Module = 4%

Analogue Input Module = 1%

See also other documents in the category Rockwell Automation Equipment: