HIMax Safety Manual - Tuv-fs.com

More documents

Recommendations

Info

3 Safety Concept for Using the PES HIMax3.3.1 Proof Test ExecutionThe execution of the proof test depends on how the system (EUC = equipment undercontrol) is configured, its intrinsic risk potential and the standards applicable to theequipment operation and required for approval by the responsible test authority.According to IEC 61508 1-7, IEC 61511 1-3, IEC 62061 and VDI/VDE 2180 sheets 1 to 4,the operator of the safety-related systems is responsible for performing the proof tests.3.3.2 Frequency of Proof TestsThe HIMA PES can be proof tested by testing the entire safety loop.In practice, shorter proof test intervals are required for the input and output field devices(e.g., every 6 or 12 months) than for the HIMax controller. Testing the entire safety looptogether with a field device automatically includes the test of the HIMax controller. There istherefore no need to perform additional proof tests of the HIMax controller.If the proof test of the field devices does not include the HIMax controller, the HIMaxcontroller must be tested for SIL 3 at least once every 10 years. This can be achieved byrestarting the HIMax controller.3.4 Safety RequirementsThe following safety requirements must be met when using the safety-related PES of theHIMax system:3.4.1 Hardware ConfigurationPersonnel configuring the HIMax hardware must observe the following safety requirements.Product-Independent Requirements• To ensure safety-related operation, only approved fail-safe hardware modules andsoftware components may be used. The approved hardware modules and softwarecomponents are specified in theVersionsliste der Module und der Firmware der HIMax-Systeme der Firma HIMA PaulHildebrandt GmbH + Co KG (version list of modules and firmware for HIMax systemsfrom HIMA Paul Hildebrandt GmbH + Co KG). The latest versions can be found in theversion list maintained together with the test authority.• The operating requirements specified in this safety manual (see Chapter 'OperatingRequirements') about EMC, mechanical, chemical, climatic influences must beobserved.Product-Dependent Requirements• Only connect devices to the system that are safely electrically isolated from the powersupply.• The operating requirements detailed in the system manual, particularly those concerningsupply voltage and ventilation, must be observed.3.4.2 ProgrammingPersonnel developing user programs must observe the following safety requirements.Product-Independent Requirements• In safety-related applications, ensure that the safety-relevant system parameters areproperly configured.• In particular, this applies to the system configuration, maximum cycle time and safetytime.3.4.3 Requirements for Using the Programming Tool• SILworX must be used for programming.Page 20 of 70HI 801 003 D Rev.2.0
HIMax3 Safety Concept for Using the PES• Compiling the program twice in SILworX and comparing both of the created filesensures that the program was properly compiled.• The correct implementation of the application specifications must be validated, verifiedand documented. A complete test of the logic must be performed by trial.• In case of a change of the user program, at minimum test all the parts of the logicconcerned by the changes.• The system response to faults in the safe input and output modules must be defined inthe user program in accordance with the system-specific safety-related conditions.3.4.4 Communication• When implementing safety-related communications between the various devices,ensure that the system's overall response time does not exceed the fault tolerancetime.All calculations must be performed in accordance with the rules given in 11.2.• The transfer of safety-relevant data through public networks like the Internet is notpermitted unless additional security measures have been implemented such as: VPNtunnel.• If data are transferred through company-internal networks, administrative or technicalmeasures must be implemented to ensure sufficient protection against manipulation (e.g. using a firewall to separate the safety-relevant components of the network from othernetworks).• Never use the standard protocols to transfer safety-related data.• All devices to be connected to the communication interfaces must be equipped with safeelectrical isolation.3.4.5 Maintenance Work• Maintenance work must be performed in accordance with the current version of thedocument "Maintenance Override“ document published by TÜV Rheinland and TÜVProduct Service.• Whenever necessary, the operator must consult with the test authority responsible forthe final inspection of the system and define administrative measures appropriate forregulating access to the systems.HI 801 003 D Rev.2.0 Page 21 of 70
Page 1: SAFETYHIMax ®Safety Manual
Page 4 and 5: Table of contentsHIMax3.5 Certifica
Page 6 and 7: Table of contentsHIMax10.2.9 Accept
Page 8: 1 Safety Manual HIMax1.5 GlossaryTe
Page 12 and 13: 2 Intended Use HIMaxStandardEC/EN 6
Page 14 and 15: 2 Intended Use HIMax2.3.4 Power Sup
Page 16 and 17: 3 Safety Concept for Using the PES
Page 24 and 25: 4 Processor Modules HIMaxNOTESystem
Page 26 and 27: 5 System Bus Module HIMaxWARNINGPhy
Page 28 and 29: 6 Communication Module HIMax6 Commu
Page 30 and 31: 7 Input Modules HIMaxNOTICESystem m
Page 32 and 33: 7 Input Modules HIMax7.6 Checklists
Page 34 and 35: 7 Input Modules HIMax7.6.3 Checklis
Page 36 and 37: 7 Input Modules HIMax7.7 Safety-Rel
Page 38 and 39: 7 Input Modules HIMax7.8 Checklist
Page 40 and 41: 8 Output Modules HIMax8 Output Modu
Page 42 and 43: 8 Output Modules HIMaxIn this state
Page 44 and 45: 8 Output Modules HIMax8.7 Checklist
Page 46 and 47: 9 Software HIMax9 SoftwareThe softw
Page 48 and 49: 9 Software HIMax9.4 Resource Parame
Page 50 and 51: 9 Software HIMaxExample: A key swit
Page 52 and 53: 9 Software HIMaxThe user only need
Page 54 and 55: 10 User program HIMaxSensors (digit
Page 56 and 57: 10 User program HIMax10.2.5 Downloa
Page 58 and 59: 10 User program HIMax10.2.10 Checkl
Page 60 and 61: 11 Configuring Communication HIMaxN
Page 62 and 63: 11 Configuring Communication HIMaxF
Page 64 and 65: 11 Configuring Communication HIMaxP
Page 66 and 67: AppendixHIMaxIndex of FiguresFigure
Page 68: AppendixHIMaxIndexanalog inputsuse

HIMax Safety Manual - Tuv-fs.com

Create successful ePaper yourself

Delete template?

Save as template?