Without Time Constraint Dual Outputs; Interposing Devices; Systematic Software Faults; Process Fault Tolerant Time - ABB Triguard SC300E Safety Manual

3.4.2

Without Time Constraint Dual Outputs

In AK6 (SIL 3) classified safety loops with only one final element, then the final element must be
controlled from two digital output channels on separate digital output modules. (Figure 4 shows
a typical configuration).
SC300E TMR
System
3.4.3

Interposing Devices

The use of interposing devices such as IS barriers and relays are not part of the certified PLC
system and must be considered for reliability as part of the field loop. However, the following is
recommended.
IS barriers should be certified (Germany PTB / BASEEFA / SEV) and compatible with both the
Triguard SC300E I/O module and the field device. Where barriers are mounted on
manufacturer's barrier termination card, the PLC certification ends at the barrier termination card
safe area connection.
Simplex Interposing relays should be configured with 2-pole isolation in order to eliminate
simplex fail to danger modes.
Where interposing relays operation is only to be monitored by contact feedback from the relay
these should be safety type relays.
It is the responsibility of the system designer to advise the end user of all such devices that are
included within the safety systems scope of supply in order for the end user to evaluate there
configuration and suitability for the complete safety loop.
3.4.4

Systematic Software Faults

To provide further tolerance to systematic design and application software faults, for example
continuous loops, the application TMR watchdog is incorporated. An example of its application
is shown in the example networks.
3.4.5

Process Fault Tolerant Time

The configuration must ensure that the specified process fault tolerance time must be equal or
greater than twice the PLC cycle time plus the field equipment switching time. The PLC cycle
time can be estimated from the scan rate data estimator (Triguard SC300E Scan Rate Estimator
SS 0730) and may be confirmed by monitoring the three registers available for displaying: -
R1980
R1981
R1982
For full details refer to the TriBuild Help Facility.
Issue 5 - September 2006
MDO Card 1
TC
MDO Card 2
TC
Dual Channel Control

Figure 4 Dual outputs to single final element

- Scan Rate Set in centiseconds
- Scan Rate Time in centiseconds
- Scan Rate Used in centiseconds
Field Power
Supply
Relay 1
Relay 2
Single
Safety
Valve
Page 18 of 65