1756-RM001B-EN-P, Using ControlLogix in SIL2 ... - Tuv-fs.com

11.07.2015 Views
10-2 Use and Application of Human to Machine InterfacesChanging Parameters in Safety-Related SystemsA parameter change in a safety-related loop via an external (that is,outside the safety loop) device (for example, an HMI) is only allowedwith the following restrictions:• Only authorized, specially-trained personnel can change theparameters in safety-related systems via HMIs.• The user who makes changes in a safety-related system via anHMI is responsible for the effect of those changes on thesafety loop.• Users must clearly identify the variable that are to be changed asunder the control of the ControlLogix controller inside thesafety loop.• Users must use a clear, comprehensive and explicit operatorprocedure to make safety-related changes via an HMI.• Changes can only be accepted in a safety-related system if thefollowing sequence of events occurs:a. Changes are sent from the HMI to the ControlLogix controllerin the safety loop.b. The ControlLogix controller in the safety loop sends thechanges back to the HMI–before accepting the changes oracting on them.c. The user verifies that the changes are correct.In every case, the operator must confirm the validity of thechange before they are accepted and applied in the safety loop.• The software used in the HMI and the ControlLogix controller(in this case, RSLogix 5000) should be designed to verify thatchanges to the safety system are within acceptable limits and donot otherwise compromise the safety system.• The user should test all changes as part of the safety validationprocedure.Publication 1756-RM001B-EN-P - October 2003

Use and Application of Human to Machine Interfaces 10-3• Users must sufficiently document all safety-related changesmade via HMI, including:– authorization– impact analysis– execution– test information– revision information• Changes to the safety-related system, must comply with IEC61511 standard on process safety section 11.7.1 OperatorInterface requirements.Changing Parameters in Non-Safety-Related SystemsWhen the HMI device is used to change parameters in anon-safety-related system, remember the following techniques:• When the HMI is used to input parameters such as setpoints fora PID loop or drive speeds, the application program shouldinclude sound techniques used for other types of changevalidation, including:– Display the data to be changed– Acceptable ranges and limits used in the program for datachecks (in other words, checks to make sure entered data iswithin an acceptable range)– Display the new value along with the existing value– Prompt the operator to acknowledge and accept the changedvalue before allowing the change to take effect• The developer must follow the same sound developmenttechniques and procedures used for other application softwaredevelopment, including the verification and testing of theoperator interface and its access to other parts of the program.The PLC application software should set up a table that isaccessible by the HMI and limits access to required data pointsonly.• Similar to the PLC program, the HMI software needs to besecured and maintained for SIL2 compliance after the system hasbeen validated and tested.Publication 1756-RM001B-EN-P - October 2003

Page 1: Using ControlLogixin SIL2 Applicati

Page 4 and 5: Summary of Changes 2Notes:Publicati

Page 6 and 7: Preface 2Table Preface.1Section: Ti

Page 8 and 9: Table of Contents 2ControlLogix Com

Page 10 and 11: Table of Contents 4Additional Infor

Page 12 and 13: 1-2 SIL PolicyThe TUV Rheinland has

Page 14 and 15: 1-4 SIL PolicySIL2 CertificationFig

Page 16 and 17: 1-6 SIL PolicySIL2-Certified Contro

Page 18 and 19: 1-8 SIL PolicyHardware Designs andF

Page 20 and 21: 1-10 SIL PolicyCatalogNumberDescrip

Page 22 and 23: 1-12 SIL PolicyCatalogNumberDescrip

Page 24 and 25: 1-14 SIL PolicySIL ComplianceDistri

Page 26 and 27: 1-16 SIL PolicyProgram Watchdog Tim

Page 28 and 29: 2-2 The ControlLogix SystemIf an an

Page 30 and 31: 2-4 The ControlLogix SystemData Ech

Page 32 and 33: 2-6 The ControlLogix SystemSoftware

Page 34 and 35: 2-8 The ControlLogix SystemNotes:Pu

Page 36 and 37: 3-2 ControlLogix System HardwareCon

Page 38 and 39: 3-4 ControlLogix System HardwareRec

Page 40 and 41: 3-6 ControlLogix System HardwareNot

Page 42 and 43: 4-2 ControlLogix ControllerRecommen

Page 44 and 45: 5-2 ControlLogix Communications Mod

Page 46 and 47: 5-4 ControlLogix Communications Mod

Page 48 and 49: 6-2 ControlLogix I/O ModulesFigure

Page 50 and 51: 6-4 ControlLogix I/O ModulesModule

Page 52 and 53: 6-6 ControlLogix I/O ModulesWiring

Page 54 and 55: 6-8 ControlLogix I/O ModulesGeneral


Page 58 and 59: 6-12 ControlLogix I/O ModulesApplic

Page 60 and 61: 6-14 ControlLogix I/O Modules• Ch



Page 66 and 67: 6-20 ControlLogix I/O ModulesUsing

Page 68 and 69: 6-22 ControlLogix I/O ModulesFigure


Page 72 and 73: 6-26 ControlLogix I/O ModulesCheckl

Page 74 and 75: 7-2 Faults in the ControlLogix Syst

Page 76 and 77: 7-4 Faults in the ControlLogix Syst

Page 78 and 79: 8-2 General Requirements for Applic



Page 84 and 85: 9-2 Technical SIL2 Requirements for




Page 94 and 95: 10-4 Use and Application of Human t

Page 96 and 97: A-2 Response Times in ControlLogixE

Page 98 and 99: A-4 Response Times in ControlLogixR

Page 100 and 101: B-2 System Self-Testing and User-Pr

Page 102 and 103: C-2 Additional Information on Handl

Page 104 and 105: D-2 Spurious Failure EstimatesNotes

Page 106 and 107: E-2 Sample Probability of Failure o

Page 108 and 109: E-4 Sample Probability of Failure o

Page 110: 2 IndexMMean time between failures

1756-RM001B-EN-P, Using ControlLogix in SIL2 ... - Tuv-fs.com

1756-RM001B-EN-P, Using ControlLogix in SIL2 ... - Tuv-fs.com ... View more 1756-RM001B-EN-P, Using ControlLogix in SIL2 ... - Tuv-fs.com

Delete template?

Save as template ?

1756-RM001B-EN-P, Using ControlLogix in SIL2 ... - Tuv-fs.com 1756-RM001B-EN-P, Using ControlLogix in SIL2 ... - Tuv-fs.com