Fault Reactions With Fail-Safe Modules - Siemens SIMATIC ET 200SP Product Information

Product overview

1.2 Fault reactions with fail-safe modules

1.2 Fault reactions with fail-safe modules
Safe state (safety concept)
The basic principle behind the safety concept is the existence of a safe state for all process
variables.
Note
For digital F-modules, this safe state is the value "0". This applies to both sensors and
actuators.
Fault reactions and startup of the F-system
The safety function requires that fail-safe values (safe state) be applied to the fail-safe
module instead of process values (passivation of the fail-safe module) in the following
situations:
● When the F-system is started up
● If errors are detected during safety-related communication between the F-CPU and the F-
module via the PROFIsafe safety protocol (communication error)
● If F-I/O faults or channel faults are detected (e.g., wire break, discrepancy error)
Detected faults are written to the diagnostic buffer of the F-CPU and communicated to the
safety program in the F-CPU.
F-modules cannot save errors as retentive data. When the system is powered down and
then restarted, any faults still existing are detected again during startup. However, you have
the option of saving faults in your safety program.
For channels that you set to "deactivated" in
handling is triggered when a channel fault occurs, not even when such a channel is
affected indirectly by a channel group fault ("Channel activated/deactivated" parameter).
Remedying faults in the F-system
To remedy faults in your F-system, follow the procedure described in IEC 61508-1:2010
section 7.15.2.4 and IEC 61508-2:2010 section 7.6.2.1 e.
The following steps must be performed:
1. Diagnostic and repair of the fault
2. Revalidation of the safety function
3. Recording in the service report
10
WARNING
STEP 7
, no diagnostic response or error
ET 200SP distributed I/O system
Product Information, 07/2013, A5E32288220-AA