
Maintenance overrides, Application program development – Rockwell Automation AADvance Controller Safety Manual User Manual



Document: 553630
ICSTT-RM446K-EN-P Issue: 10


Maintenance Overrides

Maintenance Overrides set inputs or outputs to a defined state that can be different from the real state during safety operation. They are used during maintenance, usually to override input or output conditions in order to perform a periodic test, calibration or repair of a module, sensor or actuator.

To correctly implement a maintenance override scheme within the AADvance system, the override or 'bypass' logic shall be programmed within the Application Program, with a separate set of safety-related input points or variables enabling the bypass logic.

In order to accommodate maintenance overrides safely, TÜV has documented a set of principles that shall be followed. These principles are published in the document "Maintenance Override" by TÜV Süddeutschland / TÜV Product Service GmbH and TÜV Rheinland.

There are two basic methods to check safety-related peripherals connected to the AADvance system:

• External hard-wired switches are connected to conventional system inputs. These inputs are used to deactivate sensors and actuators during maintenance. The maintenance condition is handled as part of the system's application program.

• Sensors and actuators are electrically switched off during maintenance and are checked manually.

In some installations, the maintenance console may be integrated with the operator display, or maintenance may be covered by other strategies. In such installations, the guidance given in section is to be followed. A checklist for the application of overrides is given in the Checklists chapter.
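The bypass arrangement described above, with the override logic in the application program and a separate safety-related input enabling it, sketched as an IEC 61131-3 Structured Text function block. This is an added example, not code from the manual or from Rockwell Automation; the block and variable names, the edge-triggered latch and the time limit are assumptions of the example.

```iecst
(* Added illustration; all names are hypothetical, not AADvance identifiers. *)
FUNCTION_BLOCK FB_MaintOverride
VAR_INPUT
    RawInput       : BOOL;          (* real state from the field device *)
    OverrideEnable : BOOL;          (* separate safety-related enable input, e.g. key switch *)
    OverrideReq    : BOOL;          (* per-point request from the maintenance console *)
    OverrideValue  : BOOL;          (* defined state used while overridden *)
    MaxDuration    : TIME := T#1h;  (* assumed time limit, chosen for this example *)
END_VAR
VAR_OUTPUT
    LogicInput      : BOOL;         (* value handed to the safety function logic *)
    OverrideActive  : BOOL;         (* drive an operator indication or alarm from this *)
    OverrideExpired : BOOL;         (* time limit ended the override; request still set *)
END_VAR
VAR
    ReqEdge : R_TRIG;
    Limit   : TON;
    Latched : BOOL;
END_VAR

ReqEdge(CLK := OverrideReq);

(* A new request is accepted only while the enable input is present. *)
IF ReqEdge.Q AND OverrideEnable THEN
    Latched := TRUE;
END_IF;

Limit(IN := Latched, PT := MaxDuration);

(* Drop the override when the enable is removed, the request is withdrawn,
   or the time limit is reached. A stale request cannot re-arm it. *)
IF NOT OverrideEnable OR NOT OverrideReq OR Limit.Q THEN
    OverrideExpired := Latched AND Limit.Q;
    Latched := FALSE;
END_IF;

OverrideActive := Latched;
IF Latched THEN
    LogicInput := OverrideValue;
ELSE
    LogicInput := RawInput;
END_IF;
END_FUNCTION_BLOCK
```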

Application Program Development

The application program development shall follow a structured approach as defined in the AADvance Workbench documentation.

Development of application software consisting of programs (POUs), User Defined Functions and User Defined Function Blocks must follow the requirements defined in IEC 61511 (ANSI ISA-84.00.01) for LVL languages and the requirements defined in IEC 61508 for FVL languages. However, these requirements can be waived if the programs (POUs) used have previously been tested and validated according to IEC 61511 (ANSI ISA-84.00.01)/IEC 61508 and validation evidence is provided as part of the Project Test Documentation.

The stages defined in the following sub-sections shall additionally be applied for safety related applications.