Precautions For Designing Safety Application - Mitsubishi Electric MELSEC iQ-R Series Safety Manual

4.1

Precautions for Designing Safety Application

Response time
The response time is a time from the safety input off to the safety output off using the safety programmable controller.
The response time is needed for determining the safety distance for a safety system.
For calculation of the response time of a system to be configured, refer to the following description.
Page 234 Calculating Safety Response Time for System Configured with a Safety CPU
Calculation of the target failure measure (PFDavg/PFH)
The target failure measure (PFDavg/PFH) is a target value of reliability for each SIL level defined in IEC61508: 2010. (Refer to
 Page 21 SIL)
When the safety system using the safety programmable controller is configured, a safety application shall configure a safety
path, including a safety switch through the safety actuator. For example, if the following PFDavg/PFH for safety devices on the
safety path does not meet the SIL required value described in Page 21 SIL and target failure measure (PFDavg/PFH), the
safety application cannot reach the required SIL.
Calculate the PFDavg/PFH for each safety application using the following formula. If the safety path goes through the same
safety device multiple times, add PFDavg/PFH for each safety device one time only.
PFDavg/PFH = (PFDavg/PFH of A) + (PFDavg/PFH of B) + (PFDavg/PFH of C) + (PFDavg/PFH of D) + (PFDavg/PFH of E)
Variable
*1
A
*2*4
B
*4
C
*3*4
D
*3*4
E
*1 When performing safety communications between Safety CPUs on the safety path, add PFDavg/PFH for the Safety CPU (paired with
the safety function module) performing safety communications on the safety path. Add no PFDavg/PFH for the Safety CPU (paired with
the safety function module) not performing safety communications on the safety path, even if it is on the same network.
*2 When using an extension module (NZ2EXSS2-8TE) connected to the main module (NZ2GFSS2-32D) as a safety remote I/O module,
perform the calculation using PFDavg/PFH connecting the extension module to the main module.
*3 For PFDavg/PFH, refer to the manuals for the safety components used.
*4 When the safety application includes multiple safety switches or safety actuators, perform the calculation by adding all PFDavg/PFH for
the safety remote I/O module, safety input device, and safety output device connected to the device.
This indicates PFDavg/PFH related to the safety programmable controller.
Module
PFDavg/PFH of Safety CPU (paired with safety function module)
PFDavg/PFH of the safety remote I/O
*6*7
module
*5 Proof test interval is 10 years (module replacement cycle)
*6 Proof test interval is 5 years (module replacement cycle)
*7 The PFDavg and PFH values are for when the module is used at the ambient temperature of 40.
Calculation examples are described as a line topology. However, calculation is possible using the methods described in this
section regardless of the connection methods (such as line topology, star topology, or ring topology).
Definition
Safety CPU (paired with safety function module)
Safety remote I/O module connected to safety input device
Safety remote I/O module connected to safety output device
Safety input device
Safety output device
*5*7
Main module only (NZ2GFSS2-32D)
Main module only (NZ2GFSS2-8D)
Main module only (NZ2GFSS2-8TE)
Main module only (NZ2GFSS2-16DTE)
Connecting extension module to the
main module (NZ2GFSS2-32D +
NZ2EXSS2-8TE)
4 PRECAUTIONS FOR USE OF SAFETY PROGRAMMABLE CONTROLLER
PFDavg PFH
-5
1.02  10 5.50  10
-5
3.54  10 3.55  10
-5
2.44  10 7.31  10
-5
2.43  10 6.67  10
-5
2.52  10 1.05  10
-5
4.66  10 4.78  10
4.1 Precautions for Designing Safety Application
4
-9
-9
-9
-9
-8
-9
27