Allen-Bradley 1756-L61S Reference Manual

GuardLogix controller systems

Safety Reference Manual
Original Instructions
GuardLogix Controller Systems
Catalog Numbers 1756-L61S, 1756-L62S, 1756-L63S, 1768-L43S, 1768-L45S, RSLogix 5000 Version 20 and earlier

Summary of Contents for Allen-Bradley 1756-L61S

  • Page 1 Safety Reference Manual Original Instructions GuardLogix Controller Systems Catalog Numbers 1756-L61S, 1756-L62S, 1756-L63S, 1768-L43S, 1768-L45S, RSLogix 5000 Version 20 and earlier...
  • Page 2 Important User Information Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
  • Page 3: Table Of Contents

    Table of Contents Preface Summary of Changes ..........7 Understanding Terminology .
  • Page 4 Table of Contents Chapter 4 CIP Safety and the Safety Network Routable CIP Safety Control System....... 33 Unique Node Reference.
  • Page 5 Table of Contents Inhibit a Module ..........60 Editing Your Safety Application .
  • Page 6 Table of Contents Appendix C Reaction Times System Reaction Time ..........81 Logix System Reaction Time .
  • Page 7: Preface

    Preface Topic Page Summary of Changes Understanding Terminology Additional Resources Summary of Changes This publication contains new and updated information as indicated in the following table. Topic Page Updated the definition of Safety Partner. Removed 5570 controllers, which are covered by the GuardLogix 5570 and Compact Throughout GuardLogix 5370 Controller Systems Safety Reference Manual, publication 1756-RM099.
  • Page 8: Additional Resources

    Preface Table 1 - Terms and Definitions (continued) Abbreviation Full Term Definition Get System Value A ladder logic instruction that retrieves specified controller status information and places it in a destination tag. Personal Computer Computer used to interface with, and control, a Logix-based system via RSLogix 5000® programming software.
  • Page 9 Provides declarations of conformity, certificates, and other certification details global/certification/overview.page You can view or download publications at http://www.rockwellautomation.com/literature/. To order paper copies of technical documentation, contact your local Allen-Bradley distributor or Rockwell Automation sales representative. Rockwell Automation Publication 1756-RM093J-EN-P - April 2018...
  • Page 11: Sil 3 Certification

    Chapter Safety Integrity Level (SIL) Concept Topic Page SIL 3 Certification Functional Verification Tests GuardLogix Architecture for SIL 3 Applications GuardLogix System Components GuardLogix Certifications GuardLogix PFD and PFH Specifications Safety Integrity Level (SIL) Compliance Distribution and Weight System Reaction Time Safety Task Period and Safety Task Watchdog Contact Information if Device Failure Occurs SIL 3 Certification...
  • Page 12: Functional Verification Tests

    Chapter 1 Safety Integrity Level (SIL) Concept The TÜV Rheinland has approved GuardLogix controller systems for use in safety-related applications up to SIL CL 3, in which the de-energized state is considered to be the safe state. All of the examples related to I/O included in this manual are based on achieving de-energization as the safe state for typical Machine Safety and Emergency Shutdown (ESD) Systems.
  • Page 13: Guardlogix Architecture For Sil 3 Applications

    Safety Integrity Level (SIL) Concept Chapter 1 GuardLogix Architecture for SIL 3 Applications The following illustration shows a typical SIL function, including: • the overall safety function. • the GuardLogix portion of the overall safety function. • how other devices (for example, HMI) are connected, while operating outside the function.
  • Page 14: Guardlogix System Components

    Table 2 - SIL 3-certified GuardLogix Components Related Documentation Installation User Manual Device Type Cat. No. Description Instructions 1756-L61S Controller with 2 MB standard, 1 MB safety memory 1756 GuardLogix primary controller 1756-L62S Controller with 4 MB standard, 1 MB safety memory (ControlLogix556xS) 1756-L63S Controller with 8 MB standard, 3.75 MB safety memory...
  • Page 15 Safety Integrity Level (SIL) Concept Chapter 1 Table 3 - Components Suitable for Use with 1756 GuardLogix Controller Safety Systems (continued) Related Documentation Installation User Manual Device Type Cat. No. Description Series Revision Instructions RSLogix 5000 software for 1756-L6xS controllers Programming Consult online 9324-xxxx...
  • Page 16: Guardlogix Certifications

    Chapter 1 Safety Integrity Level (SIL) Concept Table 4 - Components Suitable for Use With 1768 Compact GuardLogix Controller Safety Systems Related Documentation Installation User Manual Device Type Cat. No. Description Series Revision Instructions 1768-PA3 Power supply, AC Power supply 1768-IN001 1768-PB3 Power supply, DC...
  • Page 17: Safety Integrity Level (Sil) Compliance Distribution And Weight

    Safety Integrity Level (SIL) Concept Chapter 1 PFD and PFH values are associated with each of the three primary elements making up a safety-related system (the sensors, the logic element, and the actuators). Within the logic element you also have input, processor, and output elements.
  • Page 18: System Reaction Time

    Chapter 1 Safety Integrity Level (SIL) Concept Figure 3 - Reliability Burden (figure labels: Sensor, Input Module, Controller, Output Module, Actuator; 10%, 40%, and 50% of the PFD) System Reaction Time The system reaction time is the amount of time from a safety-related event as an input to the system until the system sets corresponding outputs to their safe state.
  • Page 19: Safety Task Period And Safety Task Watchdog

    Safety Integrity Level (SIL) Concept Chapter 1 Safety Task Period and Safety Task Watchdog The safety task period is the interval at which the safety task executes. The safety task watchdog time is the maximum permissible time for safety task processing.
  • Page 21: 1756 Guardlogix Controller Hardware

    Chapter GuardLogix Controller System Topic Page 1756 GuardLogix Controller Hardware 1768 Compact GuardLogix Controller Hardware CIP Safety Protocol Safety I/O Communication Bridges Programming Overview For a brief listing of components suitable for use in Safety Integrity Level (SIL) 3 applications, see the table on page 14. For more detailed and up-to-date information see http://www.rockwellautomation.com/products/certification/ safety/.
  • Page 22: Primary Controller

    Chapter 2 GuardLogix Controller System Primary Controller The primary controller is the processor that performs standard and safety control functions and communicates with the safety partner for safety-related functions in the GuardLogix control system. The primary controller consists of a central processor, I/O interface, and memory.
  • Page 23: 1768 Compact Guardlogix Controller Hardware

    GuardLogix Controller System Chapter 2 1768 Compact GuardLogix Controller Hardware The 1768 Compact GuardLogix controllers combine the primary and safety partner controllers in a single controller hardware package to form a SIL 3 capable controller. Compact GuardLogix controllers feature a 1768 backplane and a 1769 backplane to support standard 1769 I/O modules.
  • Page 24: Communication Bridges

    Chapter 2 GuardLogix Controller System Communication Bridges Table 7 lists the communication interface modules available to facilitate communication over EtherNet/IP™, DeviceNet, and ControlNet networks via the CIP Safety protocol. Table 7 - Communication Interface Modules by System GuardLogix System Communication Modules 1756 •...
  • Page 25 GuardLogix Controller System Chapter 2 DeviceNet Safety Network DeviceNet bridge modules let the 1756 GuardLogix controller control and exchange safety data with CIP Safety I/O modules on a DeviceNet network. Figure 5 - Communication via a DeviceNet Bridge Module CIP Safety I/O Module DeviceNet Network CIP Safety I/O Module...
  • Page 26: Programming Overview

    Chapter 2 GuardLogix Controller System Programming Overview The programming software for the GuardLogix controller is RSLogix 5000® software. RSLogix 5000 software is used to define the location, ownership, and configuration of I/O modules and controllers. The software is also used to create, test, and debug application logic.
  • Page 27: Overview

    Chapter CIP Safety I/O for the GuardLogix Control System Topic Page Overview Typical Safety Functions of CIP Safety I/O Modules Reaction Time Safety Considerations for CIP Safety I/O Modules Overview Before operating a GuardLogix® safety system containing CIP Safety I/O modules, you must read, understand, and follow the installation, operation, and safety information provided in the publications listed in the SIL 3-certified...
  • Page 28: Diagnostics

    Chapter 3 CIP Safety I/O for the GuardLogix Control System Diagnostics CIP Safety I/O modules perform self-diagnostics when the power is turned ON and periodically during operation. If a diagnostic failure is detected, safety input data (to the controller) and local safety outputs are set to their safe state (OFF). Status Data In addition to safety input and output data, CIP Safety I/O modules support status data to monitor module and I/O circuit health.
  • Page 29: Safety Considerations For Cip Safety I/O Modules

    CIP Safety I/O for the GuardLogix Control System Chapter 3 Safety Considerations for CIP Safety I/O Modules You must commission all devices with a node or IP address and communication rate, if necessary, before their installation on a safety network. Ownership Each CIP Safety I/O module in a GuardLogix system is owned by one GuardLogix controller.
  • Page 30 Chapter 3 CIP Safety I/O for the GuardLogix Control System Two options for I/O module replacement are available on the Safety tab of the Controller Properties dialog box in RSLogix 5000 software: • Configure Only When No Safety Signature Exists •...
  • Page 31 CIP Safety I/O for the GuardLogix Control System Chapter 3 To set the proper SNN when a safety signature exists, a manual action (typically SET), is required to download the proper SNN, after which the remainder of the configuration is automatically downloaded. Configure Always The GuardLogix controller will always attempt to automatically configure a replacement CIP Safety I/O module if the module is in an out-of-box condition,...
  • Page 33: Routable Cip Safety Control System

    Chapter CIP Safety and the Safety Network Number Topic Page Routable CIP Safety Control System Considerations for Assigning the Safety Network Number (SNN) Routable CIP Safety Control System To understand the safety requirements of a CIP Safety control system, including the safety network number (SNN), you must first understand how communication is routable in CIP control systems.
  • Page 34: Unique Node Reference

    Chapter 4 CIP Safety and the Safety Network Number Unique Node Reference The CIP Safety protocol is an end-node to end-node safety protocol. The CIP Safety protocol allows the routing of CIP Safety messages to and from CIP Safety devices through non-certified bridges, switches, and routers. To prevent errors in non-certified bridges, switches, or routers from becoming dangerous, each end node within a routable CIP Safety control system must have a unique node reference.
  • Page 35: Considerations For Assigning The Safety Network Number (Snn)

    CIP Safety and the Safety Network Number Chapter 4 based format is selected, the SNN represents a localized date and time. When the manual format is selected, the SNN represents a network type and a decimal value from 1…9999. Figure 10 - SNN Formats The assignment of a time-based SNN is automatic when creating a new GuardLogix safety controller project and adding new Safety I/O modules.
  • Page 36: Safety Network Number (Snn) For Out-Of-Box Modules

    Chapter 4 CIP Safety and the Safety Network Number Safety Network Number (SNN) for Out-of-box Modules Out-of-box CIP Safety I/O modules do not have an SNN. The SNN is set when a configuration is sent to the module by the GuardLogix® controller that owns the module.
  • Page 37: Differentiate Between Standard And Safety

    Chapter Characteristics of Safety Tags, the Safety Task, and Safety Programs Topic Page Differentiate Between Standard and Safety SIL 2 Safety Applications SIL 3 Safety–the Safety Task Use of Human-to-machine Interfaces Safety Programs Safety Routines Safety Tags Additional Resources Because it is a Logix-series controller, both standard (non-safety-related) and Differentiate Between safety-related components can be used in the GuardLogix®...
  • Page 38: Sil 2 Safety Applications

    Chapter 5 Characteristics of Safety Tags, the Safety Task, and Safety Programs SIL 2 Safety Applications You can perform SIL 2 safety control by using the 1756 or 1768 GuardLogix controller’s safety task. Because 1756 GuardLogix controllers are part of the ControlLogix series of processors, you can perform SIL 2 safety control with a 1756 GuardLogix controller by using standard tasks or the safety task.
  • Page 39 Characteristics of Safety Tags, the Safety Task, and Safety Programs Chapter 5 For SIL 2-only safety, a safety task signature is not required. However, if any SIL 3 safety functions are used within the safety task, a safety task signature is required.
  • Page 40 Chapter 5 Characteristics of Safety Tags, the Safety Task, and Safety Programs For Cat 1, Cat 2, and SIL 2 safety functions, the Guard I/O safety modules need specific configurations within the GuardLogix project. In this example, inputs 0, 1, 6, 7, 8, 9, 10, and 11 are part of a CAT 1, 2 or SIL 2 safety function, because they are configured as Single.
  • Page 41: Sil 2 Safety Control In Standard Tasks

    Characteristics of Safety Tags, the Safety Task, and Safety Programs Chapter 5 SIL 2 Safety Control in Standard Tasks (1756 GuardLogix controllers only) Because of the quality and amount of diagnostics built into the 1756 ControlLogix series of controllers, you can perform SIL 2 safety functions from within standard tasks.
  • Page 42 Chapter 5 Characteristics of Safety Tags, the Safety Task, and Safety Programs The safety task period is limited to a maximum of 500 ms and cannot be modified online. Make sure that the safety task has enough time to finish before it is triggered again.
  • Page 43: Safety Task Execution Details

    Characteristics of Safety Tags, the Safety Task, and Safety Programs Chapter 5 Safety Task Execution Details The safety task executes in the same manner as standard periodic tasks, with the following exceptions: • The safety task does not begin executing until the primary controller and safety partner have established their control partnership and the coordinated system time (CST) is synchronized.
  • Page 44: Use Of Human-To-Machine Interfaces

    Chapter 5 Characteristics of Safety Tags, the Safety Task, and Safety Programs • The safety task responds to mode changes (for example, Run to Program or Program to Run) at timed intervals. As a result, the safety task may take more than one task period, but always less than two, to make a mode transition.
  • Page 45: Accessing Safety-Related Systems

    Characteristics of Safety Tags, the Safety Task, and Safety Programs Chapter 5 Accessing Safety-related Systems HMI-related functions consist of two primary activities: reading and writing data. Reading Parameters in Safety-related Systems Reading data is unrestricted because reading doesn’t affect the behavior of the safety system.
  • Page 46: Safety Programs

    Chapter 5 Characteristics of Safety Tags, the Safety Task, and Safety Programs • Sufficiently document all safety-related changes made via the HMI, including the following: – Authorization – Impact analysis – Execution – Test information – Revision information • Changes to the safety-related system must comply with IEC 61511 standard on process safety, section 11.7.1 Operator Interface requirements.
  • Page 47: Safety Tags

    Characteristics of Safety Tags, the Safety Task, and Safety Programs Chapter 5 Safety Tags The GuardLogix control system supports the use of both standard and safety tags in the same project. However, the programming software operationally differentiates standard tags from safety tags. Safety tags have all the attributes of standard tags with the addition of mechanisms to provide SIL 3 data integrity.
  • Page 48: Standard Tags In Safety Routines (Tag Mapping)

    Chapter 5 Characteristics of Safety Tags, the Safety Task, and Safety Programs Tags classified as safety tags are either controller-scoped or program-scoped. Controller-scoped safety tags can be read by either standard or safety logic or other communication devices, but can only be written to by safety logic or another GuardLogix safety controller.
  • Page 49: Additional Resources

    Characteristics of Safety Tags, the Safety Task, and Safety Programs Chapter 5 Additional Resources These documents contain additional information about GuardLogix controllers. Resource Description Logix5000 Controllers Design Considerations Reference Manual, publication 1756-RM094 Provides information on managing tasks and the effects of task execution and timing on user data GuardLogix Controllers User Manual, publication 1756-...
  • Page 51: Safety Concept Assumptions

    Chapter Safety Application Development Topic Page Safety Concept Assumptions Basics of Application Development and Testing Commissioning Life Cycle Downloading the Safety Application Program Uploading the Safety Application Program Online Editing Storing and Loading a Project from Nonvolatile Memory Force Data Inhibit a Module Editing Your Safety Application Safety Concept Assumptions...
  • Page 52: Basics Of Application Development And Testing

    Chapter 6 Safety Application Development Table 9 - Controller Modes Controller Safety Task Status Safety Comments Mode (up to and including) (A valid program has been downloaded to the controller.) Program Unlocked • I/O connections established No signature • Safety Task logic is not being scanned. Unlocked (Development purposes •...
  • Page 53: Commissioning Life Cycle

    Safety Application Development Chapter 6 Commissioning Life Cycle The flowchart below shows the steps required for commissioning a GuardLogix® system. The items in bold text are explained in the following sections. Figure 15 - Commission the System Specify the Control Function Create Project Create Project Online...
  • Page 54: Specification Of The Control Function

    Chapter 6 Safety Application Development Specification of the Control Function You must create a specification for your control function. Use this specification to verify that program logic correctly and fully addresses your application’s functional and safety control requirements. The specification may be presented in a variety of formats, depending on your application.
  • Page 55: Create The Project

    Safety Application Development Chapter 6 Create the Project The logic and instructions used in programming the application must be the following: • Easy to understand • Easy to trace • Easy to change • Easy to test All logic should be reviewed and tested. Keep safety-related logic and standard logic separate.
  • Page 56: Project Verification Test

    Chapter 6 Safety Application Development Once application program testing is complete, you must generate the safety task signature. The programming software automatically uploads the safety task signature after it is generated. IMPORTANT To verify the integrity of every download, you must manually record the safety task signature after initial creation and check the safety task signature after every download to make sure that it matches the original.
  • Page 57: Confirm The Project

    Safety Application Development Chapter 6 moved to another application, you must also perform start-up and functional verification testing on the controller in the context of its new application. Functional Verification Tests on page for more information. Confirm the Project You must print or view the project, and compare the uploaded safety I/O and controller configurations, safety data, and safety task program logic to make sure that the correct safety components were downloaded, tested, and retained in the safety application program.
  • Page 58: Safety Validation

    Chapter 6 Safety Application Development 9. Use the RSLogix 5000 Program Compare utility to perform these comparisons: • Compare all of the properties of the GuardLogix controller and CIP Safety I/O modules. • Compare all of the properties of the safety task, safety programs and safety routines.
  • Page 59: Downloading The Safety Application Program

    Safety Application Development Chapter 6 For information on using the safety-lock feature, refer to the GuardLogix Controllers User Manual, publication 1756-UM020, or the 1768 Compact GuardLogix Controllers User Manual, publication 1768-UM002. Downloading the Safety Upon download, application testing is required unless a safety task signature exists.
  • Page 60: Storing And Loading A Project From Nonvolatile Memory

    Chapter 6 Safety Application Development Storing and Loading a Project from Nonvolatile Memory In revision 18 or later, GuardLogix controllers support firmware upgrades and user program storage and retrieval by using a memory card. In a 1756 GuardLogix system, only the primary controller uses a memory card for nonvolatile memory.
  • Page 61: Editing Your Safety Application

    Safety Application Development Chapter 6 3. Check Inhibit Connection and click Apply. The module is inhibited whenever the checkbox is checked. If a communication module is inhibited, all downstream modules are also inhibited. Editing Your Safety Application The following rules apply to changing your safety application in RSLogix 5000 software: •...
  • Page 62: Performing Offline Edits

    Chapter 6 Safety Application Development Performing Offline Edits When offline edits are made to only standard program elements, and the safety task signature matches following a download, you can resume operation. When offline edits affect the safety program, you must revalidate all affected elements of the application, as determined by the impact analysis, before resuming operation.
  • Page 63 Safety Application Development Chapter 6 Figure 16 - Online and Offline Edit Process Online Edit Offline Edit Open Project Attach to Controller Make Desired Any Safety Any Safety Modifications to Standard Changes? Changes? Logic Unlock the Controller Unlock the Controller Make Desired Delete Safety Modifications to Standard...
  • Page 65: Monitor Status And Handle Faults

    Chapter Monitor Status and Handle Faults Topic Page Monitoring System Status GuardLogix System Faults The GuardLogix® architecture provides you with many ways of detecting and reacting to faults in the system. The first way that you can handle faults is to make sure you have completed the checklists for your application (see Appendix Monitoring System Status...
  • Page 66: Input And Output Diagnostics

    Chapter 7 Monitor Status and Handle Faults The first two bits of the CONNECTION_STATUS data type contain a device’s RunMode and ConnectionFaulted status bits. The following table describes the combinations of the RunMode and ConnectionFaulted states. Table 10 - Safety Connection Status RunMode ConnectionFaulted Safety Connection Operation...
  • Page 67: De-Energize To Trip System

    Monitor Status and Handle Faults Chapter 7 De-energize to Trip System GuardLogix controllers are part of a de-energize to trip system, which means that zero is the safe state. Some, but not all, safety module faults cause all module inputs or outputs to be set to zero (safe state). Faults associated to a specific input channel result in that specific channel being set to zero;...
  • Page 68: Guardlogix System Faults

    Chapter 7 Monitor Status and Handle Faults GuardLogix System Faults Faults in the GuardLogix system fall into these three categories: • Nonrecoverable controller faults • Nonrecoverable safety faults • Recoverable faults For information on handling faults, refer to the GuardLogix Controllers User Manual, publication 1756-UM020, or the 1768 Compact GuardLogix Controllers User Manual, publication 1768-UM002.
  • Page 69: Recoverable Faults

    Monitor Status and Handle Faults Chapter 7 Recoverable Faults Controller faults caused by user programming errors in a safety program trigger the controller to process the logic contained in the project’s safety program fault handler. The safety program fault handler provides the application with the opportunity to resolve the fault condition and then recover.
  • Page 71: Safety Instructions

    Appendix Safety Instructions Topic Page Safety Application Instructions Metal Form Safety Application Instructions Safety Instructions Additional Resources For the latest information, see our safety certificates at http://www.rockwellautomation.com/products/certification/safety/. Safety Application Instructions Table 11 - RSLogix 5000 Software, Version 20 and Later, Safety Application Instructions Mnemonic Name Purpose...
  • Page 72: Metal Form Safety Application Instructions

    Appendix A Safety Instructions Table 12 - RSLogix 5000 Software, Version 17 and Later, Safety Application Instructions Mnemonic Name Purpose SMAT Safety Mat Indicates whether or not the safety mat is occupied. THRSe Two-Hand Run Station – Enhanced Monitors two diverse safety inputs, one from a right-hand push button and one from a left-hand push button, to control a single output.
  • Page 73: Safety Instructions

    Safety Instructions Appendix A Safety Instructions Routines in the safety task may use these ladder logic safety instructions. Table 13 - Ladder Logic Safety Instructions Type Mnemonic Name Purpose RSLogix 5000 Version Examine If Closed Enable outputs when a bit is set Examine If Open Enable outputs when a bit is cleared Output Energize...
  • Page 74: Additional Resources

    Appendix A Safety Instructions Table 13 - Ladder Logic Safety Instructions Type Mnemonic Name Purpose RSLogix 5000 Version Add two values Subtract Subtract two values Multiply Multiply two values Divide Divide two values Math/ Compute Modulo Determine the remainder after one value is divided by a second value Square Root Calculate the square root of a value Negate...
  • Page 75: Safety Add-On Instructions

    Appendix Safety Add-On Instructions Topic Page Creating and Using a Safety Add-On Instruction Additional Resources With RSLogix 5000® software, version 18 and later, you can create safety Add- On Instructions. Safety Add-On Instructions let you encapsulate commonly- used safety logic into a single instruction, making it modular and easier to reuse. Safety Add-On Instructions use the instruction signature of high-integrity Add- On Instructions and also a SIL 3 safety instruction signature for use in safety- related functions up to and including SIL 3.
  • Page 76 Appendix B Safety Add-On Instructions Figure 18 - Flowchart for Creating and Using Safety Add-On Instructions To Use a Safety Add-On Instruction To Create a Safety Add-On Instruction To Modify a Safety Add- Create or Open a Project On Instruction Create Add-On Instruction Test Project (off-line) Import Safety Add-On Instruction...
  • Page 77: Create Add-On Instruction Test Project

    Safety Add-On Instructions Appendix B Create Add-On Instruction Test Project You need to create a unique test project, specifically for creating and testing the safety Add-On Instruction. This must be a separate and dedicated project to minimize any unexpected influences. Follow the guidelines for projects described in Create the Project on page Create a Safety Add-On Instruction...
  • Page 78: Download And Generate Safety Instruction Signature

    Appendix B Safety Add-On Instructions Download and Generate Safety Instruction Signature When a sealed safety Add-On Instruction is downloaded for the first time, a SIL 3 safety instruction signature is automatically generated. The safety instruction signature is an ID number that identifies the execution characteristics of the safety Add-On Instruction.
  • Page 79: Create Signature History Entry

    Safety Add-On Instructions Appendix B Create Signature History Entry The signature history provides a record for future reference. A signature history entry consists of the instruction signature, the name of the user, the timestamp value, and a user-defined description. Up to six history entries may be stored. You must be offline to create a signature history entry.
  • Page 80: Project Verification Test

    Appendix B Safety Add-On Instructions Project Verification Test Perform an engineering test of the application, including the safety system. Functional Verification Tests on page 12 Project Verification Test on page 56 for more information on requirements. Safety Validate Project An independent, third-party review of the safety system may be required before the system is approved for operation.
  • Page 81: System Reaction Time

    Appendix Reaction Times Topic Page System Reaction Time Logix System Reaction Time System Reaction Time To determine the system reaction time of any control chain, you must add up the reaction times of all of the components of the safety chain. System Reaction Time = Sensor Reaction Time + Logix System Reaction Time + Actuator Reaction Time Figure 19 - System Reaction Time...
  • Page 82: Simple Input-Logic-Output Chain

    Appendix C Reaction Times Simple Input-logic-output Chain Figure 20 - Logix System Worst-case Reaction Time for Simple Input to Logic to Output 3. Safety Task Period + Safety Task Watchdog 2. Safety Input Connection 4. Safety Output Connection 1. Safety Input 5.
  • Page 83: Logic Chain Using Produced/Consumed Safety Tags

    Reaction Times Appendix C Logic Chain Using Produced/Consumed Safety Tags Figure 21 - Logix System Reaction Time for Input to Controller A Logic to Controller B Logic to Output Chain 4. P/C Safety Connection Reaction Time Limit Ethernet Ethernet Ethernet Switch Network Network...
  • Page 84: Factors Affecting Logix Reaction-Time Components

    Appendix C Reaction Times Factors Affecting Logix Reaction-time Components The Logix Reaction Time components described in the previous sections can be influenced by a number of factors. Table 14 - Factors Affecting Logix System Reaction-time These reaction time components Are influenced by the following factors Input module delay Input module reaction time Each input channel’s On-Off and Off-On delay settings...
  • Page 85: Limit

    Reaction Times Appendix C 3. Adjust the input delay time as required for your application. Accessing Input and Output Safety Connection Reaction Time Limit The Connection Reaction Time Limit is defined by these three values: Value Description Requested Packet Interval (RPI) This is how often the input and output packets are placed on the wire (network).
  • Page 86: Configuring The Safety Task Period And Watchdog

    Appendix C Reaction Times 3. Click Advanced to open the Advanced Connection Reaction Time Limit dialog box. Configuring the Safety Task Period and Watchdog The safety task is a periodic timed task. You select the task priority and watchdog time via the Task Properties - Safety Task dialog box in your RSLogix 5000® project.
  • Page 87: Accessing Produced/Consumed Tag Data

    Reaction Times Appendix C Accessing Produced/Consumed Tag Data To view or configure safety tag connection data, follow these steps. 1. In the configuration tree, right-click Controller Tags and choose Edit tags. 2. In the Tag Editor, right-click the name of the tag and choose Edit Properties.
  • Page 88: Additional Resources

    Appendix C Reaction Times 5. Click Advanced to view or edit the current settings. Additional Resources Refer to these publications for more information. Also, consult the product documentation for your specific module for reaction times associated with CIP Safety I/O modules. Resource Description GuardLogix Controllers User Manual, publication...
  • Page 89: Checklist For Guardlogix Controller System

    Appendix Checklists for GuardLogix Safety Applications Topic Page Checklist for GuardLogix Controller System Checklist for Safety Inputs Checklist for Safety Outputs Checklist for Developing a Safety Application Program The checklists in this appendix are required for planning, programming, and startup of a SIL 3-certified GuardLogix® application. They may be used as planning guides as well as during functional verification testing.
  • Page 90 Appendix D Checklists for GuardLogix Safety Applications Checklist for GuardLogix Controller System Checklist for GuardLogix System Company Site Safety Function Definition Fulfilled Comment Number System Requirements Are you using only the components listed in SIL 3-certified GuardLogix Components on page and on the http://www.rockwellautomation.com/products/certification/safety/...
  • Page 91: Checklist For Safety Inputs

    Checklists for GuardLogix Safety Applications Appendix D Checklist for Safety Inputs For programming or startup, an individual checklist can be filled in for every single SIL input channel in a system. This is the only way to make sure that the requirements are fully and clearly implemented.
  • Page 92: Checklist For Safety Outputs

    Appendix D Checklists for GuardLogix Safety Applications Checklist for Safety Outputs For programming or startup, an individual requirement checklist must be filled in for every single SIL output channel in a system. This is the only way to make sure that the requirements are fully and clearly implemented.
  • Page 93: Checklist For Developing A Safety Application Program

    Checklists for GuardLogix Safety Applications Appendix D Checklist for Developing a Safety Application Program Use the following checklist to help maintain safety when creating or modifying a safety application program. Checklist for GuardLogix Application Program Development Company Site Project Definition Fulfilled Number Application Program Requirements...
  • Page 94 Appendix D Checklists for GuardLogix Safety Applications Notes: Rockwell Automation Publication 1756-RM093J-EN-P - April 2018...
  • Page 95: Pfd Values

    Appendix GuardLogix Systems Safety Data Topic Page PFD Values PFH Values The following examples show probability of failure on demand (PFD) and probability of failure per hour (PFH) values for GuardLogix® 1oo2 SIL 3 systems. Mission time for GuardLogix controllers is 20 years. For safety data, including PFD and PFH values for Guard I/O™...
  • Page 96: Pfh Values

    Appendix E GuardLogix Systems Safety Data PFH Values The data in Table 16 applies to proof test intervals up to and including 20 years. Table 16 - PFH Calculations Cat. No. Description PFH (1/Hour) 1756-L6xS and 1756-LSP GuardLogix controller 2.0E-10 1768-L43S and 1768-L45S Compact GuardLogix controller 2.0E-10...
  • Page 97: De-Energize To Trip System

    Appendix RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions Topic Page De-energize to Trip System Use Connection Status Data to Initiate a Fault Programmatically De-energize to Trip System When using RSLogix 5000™ software, version 14 safety application instructions, all inputs and outputs are set to zero when a fault is detected.
  • Page 98: And Later, Safety Application

    Appendix F RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions Figure 22 - Input Fault Latch and Reset Flow Chart Start Does this safety function require operator intervention after a safety input failure? Are the inputs used to drive safety application instructions? Make sure you select Manual Reset for the safety...
  • Page 99: And Later, Safety Application

    RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions Appendix F Figure 23 - Ladder Logic Example 1 Node 30 is an 8-point input/8-point output combination module. Node 31 is a 12-point input module. If the input status is not OK, then latch the inputs faulted indication. Node30:I.InputStatus Node30InputsFaulted Node31:I.CombinedStatus...
  • Page 100: And Later, Safety Application

    Appendix F RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions Figure 24 - Ladder Logic Example 2 Node 30 is an 8-point input/8-point output combination module. Node 31 is a 12-point input module. If the input status is not OK, then latch the inputs faulted indication. Node30:I.InputStatus Node30InputsFaulted Node31:I.CombinedStatus...
  • Page 101: And Later, Safety Application

    RSLogix 5000 Software, Version 14 and Later, Safety Application Instructions Appendix F Figure 25 - Output Fault Latch and Reset Flowchart Start Does this safety function require operator intervention after a safety output failure? Write logic to latch output failure. Is output fault information required for (Example Rung 0) diagnostic purposes?
  • Page 103: Sil 2 Dual-Channel Inputs

    Appendix Using 1794 FLEX™ I/O Modules and 1756 SIL 2 Inputs and Outputs with 1756 GuardLogix Controllers to Comply with EN 50156 Topic Page SIL 2 Dual-channel Inputs (standard side of 1756 GuardLogix controllers) SIL 2 Outputs Using SIL 3 Guard I/O Output Modules SIL 2 Outputs Using 1756 or 1794 SIL 2 Output Modules Safety Functions within the 1756 GuardLogix Safety Task Dual-channel configuration is required for compliance in certain safety-related...
  • Page 104 Appendix G Using 1794 FLEX™ I/O Modules and 1756 SIL 2 Inputs and Outputs with 1756 GuardLogix Controllers to Comply with EN 50156 SIL 2 Input Data Keep channel A and channel B input data separate at all times. This example illustrates one method for separating channel A and channel B...
  • Page 105: Sil 2 Outputs Using Sil 3 Guard I/O Output Modules

    Using 1794 FLEX™ I/O Modules and 1756 SIL 2 Inputs and Outputs with 1756 GuardLogix Controllers to Comply with EN 50156 Appendix G SIL 2 Outputs Using SIL 3 Guard I/O Output Modules Follow these guidelines for SIL 2 outputs: •...
  • Page 106: Safety Functions Within The 1756 Guardlogix Safety Task

    Appendix G Using 1794 FLEX™ I/O Modules and 1756 SIL 2 Inputs and Outputs with 1756 GuardLogix Controllers to Comply with EN 50156 Safety Functions within the 1756 GuardLogix Safety Task Follow these guidelines for using SIL 2 and SIL 3 safety functions within the safety task: •...
  • Page 107: Glossary

    Glossary The following terms and abbreviations are used throughout this manual. For definitions of terms not listed here, refer to the Allen-Bradley Industrial Automation Glossary, publication AG-7.1. Add-On Instruction An instruction that you create as an add-on to the Logix instruction set. Once defined, an Add-On Instruction can be used like any other Logix instruction and can be used across various projects.
  • Page 108 Glossary Periodic Task A task that is triggered by the operating system at a repetitive period of time. Whenever the time expires, the task is triggered and its programs are executed. Data and outputs established by the programs in the task retain their values until the next execution of the task or until they are manipulated by another task.
  • Page 109 Glossary Safety Program A safety program has all the attributes of a standard program, except that it can be scheduled only in a safety task. The safety program consists of zero or more safety routines. It cannot contain standard routines or standard tags. Safety Routine A safety routine has all the attributes of a standard routine except that it is valid only in a safety program and that it consists of one or more instructions suitable for safety applications.
  • Page 110 Glossary Task A scheduling mechanism for executing a program. A task provides scheduling and priority information for a set of one or more programs that execute based on a certain criteria. Once a task is triggered (activated), all of the programs assigned (scheduled) to the task execute in the order in which they are displayed in the controller organizer.
  • Page 111 Index Numerics checklist GuardLogix controller system 26 1734-AENT 15 program development 91 1734-AENTR 16 SIL 3 inputs 89 1756-A10 15 SIL 3 outputs 90 CIP Safety protocol 1756-A13 15 definition 105 1756-A17 15 overview 23 1756-A4 15 routable system 33 1756-A5XT 15 commissioning life cycle 51 1756-A7 15...
  • Page 112 Index output delay time 28 overlap get system value (GSV) definition 105 definition 9 ownership 29 GSV instructions 65 Guard I/O modules SIL 2 applications 103 partnership definition 105 peer-to-peer communication 24 hard faults pending edits 57 recovery 66 Performance Level human-to-machine interfaces definition 9 use and application 43...
  • Page 113 Index safety-locking 56 default 56 safety application instructions 69 passwords 56 definition 106 restricted operations 56 safety certifications and compliances 16 Secure Digital (SD) card 15 safety concept set system variable (SSV) instruction 65 assumptions 49 signature history 77 safety consumed tags SIL 2 safety network number 35 EN50156 101...
  • Page 116 Rockwell Automation maintains current product environmental information on its website at http://www.rockwellautomation.com/rockwellautomation/about-us/sustainability-ethics/product-environmental-compliance.page. Allen-Bradley, ArmorBlock, CompactBlock Guard I/O, CompactLogix, ControlBus, ControlFLASH, ControlLogix, ControlLogix-XT, DCM, FactoryTalk Security, FLEX I/O, Guard I/O, GuardLogix, GuardLogix-XT, Logix5000, POINT Guard I/O, POINT I/O, RSLogix 5000, Rockwell Automation, Rockwell Software, SLC, and SmartGuard are trademarks of Rockwell Automation, Inc.
