Configuration And Programming; Overview - ABB AC500-S Safety User Manual

4

Configuration and programming

4.1 Overview

You must use PS501 Control Builder Plus V2.2.1 (or newer) / ABB Automation Builder 1.0 (or newer) soft-
ware with Safety features (CoDeSys Safety and Safety Configurator) to program AC500-S Safety PLCs.
A complete check of program logic and configuration must be performed to verify that logic correctly and fully
addresses the functional and safety requirements in your safety application specification. Each time you
make a modification, re-check project data.
The safety concept for Safety features in PS501 Control Builder Plus V2.2.1 (or newer) / ABB Automation
Builder 1.0 (or newer) software assures that the programming system works correctly for implementing
safety functions in AC500-S, meaning that programming system errors can be detected. The communication
between CoDeSys Safety and SM560-S Safety CPU is not a part of the safety loop, but is still subject to
checks, for example, a CRC is used during the download of a project in order to verify that the data are
transferred correctly and that there is no communication error. The user is responsible to additionally check
the version and functionality of his project as well as the proper configuration of Safety and Non-safety mod-
ules.
DANGER!
For the initial start-up of a Safety CPU or after a modification of the application program or configura-
tion, the safety of the entire system must be checked by a complete functional test, which includes
also the check of the correct coding of the safety application based on the functional specification.
The safety application program must be identified using the following properties: project name, file name,
change date, title, author, version, description and CRC. Using CoDeSys Safety menu item "Online/Check
boot project in PLC", one can check that offline CoDeSys safety project and the boot project on the Safety
CPU are identical.
Forcing of variables is supported by SM560-S Safety CPU, but only in DEBUG mode (Non-safety), which
means that user takes over a complete responsibility for potential damages due to wrong system behaviour
in the DEBUG mode (Non-safety).
DANGER!
Forcing of variables in SM560-S Safety CPU is only allowed after consulting the approving board
responsible for site approval. During forcing, the user in charge must ensure sufficient safety technical
monitoring of the process by other technical, organisational and structural measures.
Protection mechanisms are integrated in SM560-S Safety CPU and in PS501 Control Builder Plus V2.2.1 (or
newer) / ABB Automation Builder 1.0 (or newer) with Safety features to prevent unintentional or unauthorized
modifications to the safety system:
n A modification of the safety application program generates a new project CRC version number.
n The user must be logged in to the Safety CPU to access its operating options.
n Requirements of safety and other relevant application standards regarding protection against manipula-
tions must be observed. The authorization of employees and the necessary protection measures are the
responsibility of the operator in charge.
An unauthorized access to Safety CPU and safety program is protected by three passwords:
n Password for SM560-S Safety CPU;
n Password for the safety program in CoDeSys Safety V2.3;
Password for Safety modules and their configuration data in PS501 Control Builder Plus V2.2.1 (or
n
newer) / ABB Automation Builder 1.0 (or newer) with Safety features.
30.03.2017
Configuration and programming
AC500-S
Overview
165