AADvance Safety Manual - Tuv-fs.com

12.07.2015 Views
AADvance Safety ManualProcessor Functional Safety ConfigurationThe 9110 Processor Module supports a limited set of configuration options; the systemwill verify the hardware configuration, such as the module locations against actualmodule types. The processor module process safety time can be specified through theWorkbench.Make sure that all specified modules for the required configuration are present andinstalled.Processor Safety FunctionsSafety functionsThe processor module is classified as safety critical and is responsible for the followingsafety functions: solving application logic external communication (Ethernet and serial) communication with I/O modules such as receiving input values, sending outputvalues, coordinating diagnostics enforcement of system PST diagnostics, fault indications and degradation of the processor module enforcement of input PST diagnostics, fault indications and degradation of input modules initiating diagnostics, fault declaration and for some fault conditions thedegradation of output modules.Reaction to faults in the processor moduleThe processor module reports faults by front panel indicators and fault codes stored inthe System Event log. The key indicator SYSTEM HEALTHY reports a fault in any ofthe I/O modules and any processor module. They report to the user application by thevariables set up during the system configuration process. These variables provide thefollowing information: module presence module health and status channel health and status an echo of the front panel indicationsAvailability of processor modulesOne to three redundant processor modules can be installed into a base unit.Thesystem remains functional even if two of three modules are faulty or not present.When two or more processor modules are installed the controller can be configuredfor a SIL3 fault tolerant application.5-18 Document number 553630 Issue 7: February 2010

Chapter 5 AADvance Functional Safety SystemImplementationReplacing/installing processor modulesProcessor modules can be replaced or installed on-line without affecting the controlleroperation provided at least one is fitted and is fully operational. However, processorsmust be installed one at a time and allowed to educate before the next processor isinstalled.When a processor module is installed and the locking screw set to the lock position,the module will automatically start to educate from the existing operating processor.The Healthy indicator flashes GREEN during the educating process and goes steadyGREEN when educated. The Run indicator stays RED during the education processthen goes steady AMBER when educated. After the Reset button is pressed the Runindicator goes steady GREEN and the newly installed processor module becomesoperational. If the Run indicator stays AMBER or reverts back to RED then educationprocess has failed and either the module is faulty or the application is invalid.Processor Module Access PortThe front panel of the 9110 Processor Module has a concealed PS/2 style connector onthe front panel behind a plastic cover. This connector is for ICS Triplex use only and isused for factory settings during manufacturing. The plastic cover should only beremoved to replace the processor battery.I/O Module Safety FunctionsThis section describes the adjustable safety parameters that you can set.Module Safety Related ParametersThe Workbench provides you with the capability to adjust two safety relatedparameters for an I/O module: Process safety time Shutdown action of a digital output module channelI/O Module Process Safety TimeThis option allows the system integrator to configure the process safety time (PST) foran I/O module, independently from the system value set through the processormodule. If no independent value is set for the module it will adopt, by default, the toplevel value of PST set for the processor module. When an input module exceeds thePST, that is the controller does not receive an update from the application within thePST then the I/O module is set to a fail safe state and returns a safe values to thecontroller.Digital output module process safety timeDocument number 553630 Issue 7: February 2010 5-19

Page 1 and 2: ICS TriplexAADvance Safety ManualIS

Page 3 and 4: Issue RecordIssueNumberDateRevisedb

Page 5 and 6: ForewordThis technical manual defin

Page 7 and 8: ContentsChapter 1 Introduction ....

Page 11 and 12: IntroductionChapter 1This chapter p

Page 13 and 14: Chapter 1 IntroductionAssociated Do

Page 15 and 16: The AADvance SystemChapter 2.An AAD

Page 17 and 18: Chapter 2 The AADvance SystemThe AA

Page 19 and 20: Functional Safety ManagementChapter

Page 21 and 22: Chapter 3 Functional Safety Managem





Page 31 and 32: AADvance System ArchitecturesChapte

Page 33 and 34: Chapter 4 AADvance System Architect






Page 45 and 46: Chapter 5AADvance Functional Safety

Page 47 and 48: Chapter 5 AADvance Functional Safet







Page 61: Chapter 5 AADvance Functional Safet










Page 83 and 84: ChecklistsChapter 6This chapter con

Page 85 and 86: Chapter 6 ChecklistsEngineering Che

Page 87 and 88: Chapter 6 ChecklistsInput/Output Mo

Page 89 and 90: Chapter 6 Glossary of TermsGlossary

Page 91 and 92: Chapter 6 Glossary of Termscoverage

Page 93 and 94: Chapter 6 Glossary of TermsIEC 6150

Page 95 and 96: Chapter 6 Glossary of Termsprogram

Page 97: Chapter 6 Glossary of Termsvoting s

AADvance Safety Manual - Tuv-fs.com

AADvance Safety Manual - Tuv-fs.com ... View more AADvance Safety Manual - Tuv-fs.com

Delete template?

Save as template ?

AADvance Safety Manual - Tuv-fs.com AADvance Safety Manual - Tuv-fs.com