Siemens SIMATIC S5-95F Manual page 471

Rules for Failsafe Operation of an S5-95F
18.10.3 Standard Value Formation and Reaction at the User Level
For processes whose immediate shutdown at the first occurrence of an I/O error must be
avoided, choose the formation of a standard value as the reaction to discrepancies in input
signals and initiate that reaction yourself at the user level.
The reaction must be initiated in and monitored by the user program. The program must be written
so that it evaluates the error flags in the system event DB and initiates all safety-related responses,
such as assuming a safe quiescent state.
There are two possible safety-oriented reactions at the user program level to I/O errors:
- When the first I/O error occurs, the process is briefly discontinued, the operating personnel
  are informed (e.g. by an acoustic signal), and an acknowledgement is awaited.
  When the acknowledgement has been made, the process is resumed in "attended operation"
  mode and overseen by qualified personnel.
  For this purpose, it is necessary to prove that the process can be continued under those
  conditions by qualified personnel to a switch-off point without any safety risk. The user program
  must ensure that the process is finally discontinued after expiry of the second error occurrence
  time at the latest.
- When the first I/O error occurs, the process is not discontinued. The user program makes sure
  that the interruptibility of the process is maintained, i.e. a second I/O error must not under any
  circumstances bring the process to an unsafe state.
Safety Note
If you choose to respond to I/O errors with the formation of a standard value and
subsequent reaction at the user level, the responsibility for the failsafe response lies
entirely with the operator/installation engineer.
18-20
S5-95F
EWA 4NEB 812 6210-02