Safety Manual
ISSUE: 1.2
DOCUMENT: 553630
SSB Technology
Notice

The content of this document is confidential to Rockwell Automation companies and their partners. It may not be given away, lent, resold, hired out or made available to a third party for any purpose without the written consent of Rockwell Automation. This document contains proprietary information that is protected by copyright. All rights are reserved. The information contained in this document is subject to change without notice and does not represent a commitment on the part of Rockwell Automation. The reader should, in all cases, consult Rockwell Automation to determine whether any such changes have been made. From time to time, amendments to this document will be made as necessary and will be distributed by Rockwell Automation. No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose, without the express written permission of Rockwell Automation. All trademarks are acknowledged.

Disclaimer

It is not intended that the information contained in this publication covers every possible detail about the construction, operation, or maintenance of a control system installation. You should refer to your own (or supplied) system safety manual, installation instructions and operator/maintenance manuals.

Revision and Updating Policy

This document is based on information available at the time of its publication; however, the document contents are subject to change from time to time. You should contact Rockwell Automation Technical Support by e-mail at support@icstriplex.com to check whether you have the latest version of this publication. This Safety Manual applies to AADvance Release 1.2.
Issue Record
Issue 1.2
CAUTION Caution notices call attention to methods and procedures which must be followed to avoid damage to the equipment.
SAFETY This symbol calls attention to items which must be considered and implemented when designing and building a safety system using the AADvance range of products.
WARNING
MAINTENANCE Maintenance must be carried out only by qualified personnel. Failure to follow these instructions may result in personal injury.
CAUTION
RADIO FREQUENCY INTERFERENCE Most electronic equipment is influenced by Radio Frequency Interference. Caution should be exercised with regard to the use of portable communications equipment around such equipment. Signs should be posted in the vicinity of the equipment cautioning against the use of portable communications equipment.
CAUTION
STATIC SENSITIVE COMPONENTS The module PCBs contain static sensitive components. Static handling precautions must be observed. DO NOT touch exposed connector pins or attempt to dismantle a module.
Foreword

This technical manual defines how to safely apply AADvance controllers and their systems. It sets out standards (which are mandatory) and makes recommendations to ensure that installations meet their required safety integrity level. To do this, it addresses how such installations are designed, built, tested, installed and commissioned, operated, maintained and decommissioned. It defines the requirements to be met during the life-cycle stages of safety-related systems design and commissioning so that the safety objectives of the system are achieved during operation. There are requirements for quality systems, documentation and competency in this technical manual; these are additional requirements for an operating company's or integrator's quality systems, procedures and practices.

Note: The AADvance controller is a logic solver. It uses processor modules and I/O modules. An AADvance system is formed by one or more controllers, their power sources, communications networks and workstations.

Who Should Use this Manual

This manual is intended primarily for System Integrators. The information contained in this manual is intended to be used in conjunction with (and not as a substitute for) expertise and experience in safety-related systems. In particular, it is expected that the reader has a thorough understanding of the intended application and can understand the generic terms used within this manual and the terminology specific to the integrator's or project's application area. This manual is designed to support personnel who are already trained. Rockwell Automation operates suitable training courses from all its regional centers.

Note: The System Integrator remains responsible for the generation of procedures and practices applicable to its business, and shall ensure that these are in accordance with the requirements defined herein. The application of such procedures and practices is also the responsibility of the system integrator, and these are mandatory for systems used for SIL3 applications.
Contents
Chapter 1
Introduction
  Verification of the Safety Manual
  Competency
  Terminology
    Vocabulary and Conventions
    Process Safety Time
    Fault Tolerance in Safety Applications
  The AADvance Controller
  AADvance Features
  Associated Documents
  Controller Certification
    TUV Certification
    Certification for use in General Industrial Control and Hazardous Environments
Chapter 2
  The Safety Management System
  The Safety Life-cycle
    Scope Definition
    Hazard and Risk Analysis
    System Functional and Safety Requirements
    System Engineering
    Application Programming
    System Production
    System Installation Environment
    System Integration
    System Commissioning
    Safety System Validation
    Operation and Maintenance Plan
    Maintaining Functional Safety
  Functional Safety Assessment
  Safety Integrity Design
Chapter 3
  SIL2 Architectures
    SIL2 Fail-safe Architecture
    SIL2 Fault Tolerant Input Architectures
    SIL2 Output Architecture
    SIL2 Fault Tolerant Input High Demand Architecture
  SIL3 Architectures
    SIL3 Fail-safe I/O, Fault Tolerant Processor
    SIL3 Fault Tolerant I/O Architectures
    SIL3 TMR Input and Processor, Fault Tolerant Output
  Planned Certified Configurations
  Internal Diagnostics
Chapter 4
  General Design Measures for Functional Safety
    I/O Modules
    Energize to Action Configurations
    Controller Process Safety Time (PST)
  Industrial Functional Safety Standards
    NFPA 85 Requirements
    NFPA 86 Requirements
    EN 50156
    BS EN 54 Requirements
    UL 508
  Field Configurations
    Line Monitoring
    Digital Input Field Loop Circuits
    Digital Output Field Loops
    Analogue Input Field Loop Circuits
    Sensor Configurations
    Actuator Configurations
  Calculations of Probability of Failure upon Demand
  Processor Functional Safety Configuration
    Processor Safety Functions
    Processor Module Access Port
  I/O Module Safety Functions
    I/O Module Safety Related Parameters
    I/O Module Start-Up and Locking Screw Safety Function
    I/O Module Process Safety Time (PST)
    Input Module Safety Functions
    Input Module Safety Accuracy
    Output Module Safety Functions
  Input and Output Forcing
  Maintenance Overrides
  Variable Bindings
  Application Program Development
    AADvance Workbench Configuration
    Language Selection
    Testing of New or Previously Untested Functions
    Communications Interaction
    Program Testing
  On-line Modification
  Physical Installation
  Environmental Requirements
Chapter 5
  Pre-Engineering Checklists
    Scope Definition Checklist
    Functional Requirements Checklist
    Safety Requirements Checklist
  Engineering Checklists
    I/O Architecture Checklist
    Language Selection Checklist
    Override Requirements Checklist
    Input/Output Module Configuration Checklist
    Processor and Application Checklist
    Testing Checklist
Chapter 6
Chapter 7
Chapter 1
Introduction
This chapter provides an introduction to the AADvance Safety Manual and to the AADvance system.
In This Chapter
  Verification of the Safety Manual
  Competency
  Terminology
  The AADvance Controller
  AADvance Features
  Associated Documents
Competency
The achievement of functional safety requires the implementation of the safety lifecycle whilst ensuring that persons who are responsible for any safety lifecycle activities meet the required competency levels in functional safety. All persons involved in any safety lifecycle activity, including management activities, shall have the appropriate training, technical knowledge, experience and qualifications relevant to the specific duties they have to perform. The suitability of persons for their designated safety lifecycle activities shall be based on the specific competency factors relevant to the system application and shall be defined and recorded for each individual. The following competence factors should be addressed when assessing and justifying the competency level of persons to carry out their duties: