On-line modification – Rockwell Automation AADvance Controller Safety Manual User Manual







4-42

Document: 553630

ICSTT-RM446K-EN-P Issue: 10

_C

Safety Manual (AADvance Controller)

Functional testing of all safety related programs is considered to be

100% if:



All inputs are exercised through their entire allowable range



All outputs are exercised through their entire program determined range



All logic paths are exercised



All timers have been tested regarding their timing characteristics without

changing timing parameters



All combinatorial permutations of digital signals, with the exception of

100% tested function blocks, are tested, including fault states.



All combinatorial permutations of analogue signals, with the exception of
100% tested function blocks, are tested within the safety accuracy

granularity.



All timing properties of each safety loop have been verified

Cross Reference Checking

While the aim shall be to minimize the coupling and dependencies between

individual programs, there will inevitably be occasions where, for example, a
variable is used within two or more programs. It is important to ensure that

any application program changes that affect these interactions do not

jeopardize the functional safety.

On-line Modification

It is highly recommended that on-line changes are not performed unless

absolutely necessary as it could reduce the safety integrity of the system while
doing the changes. Where changes have to be carried out on-line alternative

safety measure should be implemented for the duration of the change

procedure.
Certain modifications can be performed without directly affecting the system's

safety function, for example the physical installation of additional modules.

Although these modifications will not affect the system's operation until the
system configuration and application program have been modified, caution shall

be exercised to ensure that the modifications do not affect other safety related

functions.