Summary of Contents for Allen-Bradley GuardPLC 1753
GuardPLC™ Controller Systems Bulletin 1753, 1754, and 1755 Safety Reference Manual
Attentions help you: • identify a hazard • avoid a hazard • recognize the consequence Allen-Bradley, GuardPLC, and RSLogix Guard PLUS are trademarks of Rockwell Automation. Windows NT and Windows 2000 are registered trademarks of Microsoft Corporation.
Summary of Changes The information below summarizes the changes to this manual since the last publication. To help you find new and updated information in this release of the manual, we have included change bars as shown to the right of this paragraph.
Summary of Changes Publication 1755-RM001B-EN-P - March 2004...
Chapter Safety Concept This chapter introduces you to the safety concept for the following GuardPLC products:
Catalog Number | Description
1753-L28BBB-M | GuardPLC 1600 controller with Modbus Communications
1753-L28BBB-P | GuardPLC 1600 controller with Profibus-DP Communications
1753-L32BBBM-8A | GuardPLC 1800 controller with Modbus Communications
1753-L32BBBP-8A | GuardPLC 1800 controller with Profibus-DP Communications
1753-IB16...
Safety restrictions can be found in this manual. See Safety Requirements on page 1-3. Introduction to Safety The Programmable Electronic System (PES) for the Allen-Bradley GuardPLC system is safety-related, based on the 1oo2 microprocessor structure for one central module. These controllers are safety-related up to safety requirement class 6 according to DIN V 19250, SIL 3 according to IEC 61508 and category 3,4 according to EN 954-1.
Safety Concept PFD and PFH Calculations The average probability of a system to fail to satisfactorily perform its safety function on demand is called Probability of Failure on Demand (PFD). The probability of a system to have a dangerous failure occur per hour is called Probability of Failure per Hour (PFH).
Safety Concept Product Dependent Only equipment that can be safely isolated from the main power should be connected to the system. The safe electrical isolation of the power supply must take place in the 24V dc power supply. Only PELV- and SELV-compliant power supplies may be used.
Safety Concept Communication • When safety-related communication occurs between different devices, the total response time of the system must not exceed the fault tolerance time. See Calculating Worst-Case Reaction Time on page 7-2. • Safety-related data cannot be transferred over public networks (e.g.
Safety Concept Fault Tolerance Time (FTT) (See DIN VDE 0801 Appendix A1 2.5.3) The fault tolerance time is an attribute of the process and describes the time span in which faulty signals can be tolerated in the process without a dangerous condition occurring. If the fault condition lasts longer than the FTT, the faulty signals can create a dangerous condition.
Safety Concept Watchdog Time of the CPU (in the PES) The watchdog time of the CPU is dependent upon system capabilities. The watchdog time of the CPU is the maximum permissible time allowed for a RUN cycle (cycle time). If the cycle time exceeds the default watchdog time of the CPU, the CPU goes into FAILURE STOP mode.
Chapter Central Functions Chapter Introduction This chapter discusses the power supply, the CPU, and self-test routines for GuardPLC controllers. GuardPLC 1200 is a compact system which includes a CPU, 20 digital inputs, 8 digital outputs, 2 counters and communication ports in a single package.
Central Functions Functional Description of the Central Processing Unit The central processing unit of the GuardPLC controllers consists of the following function blocks: Figure 2.1 Display of the Function Blocks (Using GuardPLC 2000) [block diagram; labels: Ethernet Module, Buffered SRAM, µP1, µP2, RAM 1, RAM 2, SYNC, ADDRESS...]
Central Functions Self-Test Routines The most important self-test routines for the safety-related GuardPLC controller’s central processing unit and the interface to the I/O level are described in the following sections. Microprocessor-Test The following items are checked: • all used commands and addressing modes •...
Central Functions Test of the I/O Bus Within the System The connection between the CPU and the related I/O points or I/O modules is checked. Reactions to Detected Errors in the CPU A hardware comparator within the central area constantly compares whether the data of microprocessor system 1 are identical to the data of microprocessor system 2.
Chapter Input Channels Chapter Introduction This chapter discusses GuardPLC controllers and I/O module input channels. Overview...
Input Channels General Information on Safety-Related Input Modules The safety-related input modules can be used both for safety-related and non-safety-related inputs. The GuardPLC safety-related input modules have a diagnostic LED, quick error detection, and error localization. In addition, status messages can be evaluated in the user program. I/O errors stored in the diagnostic buffer can be read via RSLogix Guard PLUS.
Input Channels Test Routines The online test routines perform a walking input test to check whether the input channels are able, independent of the pending input signals, to make a through-connection of both signal levels (L- and H- signal). This functional test is executed with every input signal reading.
Input Channels Surge on Digital Inputs An EN61000-4-5 surge impulse can be read as a short-time H signal, caused by the short cycle time of the GuardPLC system. To avoid errors of this type, use one of the following preventative measures: •...
Input Channels Figure 3.2 Emergency Off Switches [diagram; labels: Emergency OFF 1, Emergency OFF 2] The digital outputs DO1 and DO2 are pulsed (T1 and T2 below). As a result, the connections to the digital inputs are monitored. Figure 3.3 Digital Input Monitoring [timing diagram; label: configurable 5 to 2000 µs] The FAULT LED on the front plate of the controller/module flashes,...
Input Channels Analog Inputs General In the 8 analog input channels available in each module, the incoming signals are converted into an INTEGER value in 12-bit resolution. This value can then be used in the user program. The following input values are possible for the GuardPLC 1800 controller: Number of Polarity...
Input Channels All of the channels default to voltage mode. On a channel-by-channel basis, a shunt resistor can be added in parallel with the analog device if current mode is requested. In current mode, the 10K resistor specified below is not required. The 1755-IF8 AI module does not perform line monitoring.
Input Channels Reaction In Case of Fault If the test routines for analog inputs detect an error, a “0” value is processed for the faulty channel in the application program, and the “FAULT” LED illuminates. In addition, a channel status signal greater than 0 is generated for the application program.
Input Channels General Depending on the parameters in the user program, the counter can be operated as a fast up/down counter with 24-bit resolution or as an encoder in the Gray Code. When used as a quick up/down counter, the signals of the impulse input and the counter direction are necessary in the application.
Input Channels Figure 3.5 Example Block Diagram of Counter Inputs (Using 1755-HSC of the GuardPLC 2000) [block diagram; labels: I/O Bus, Counter channel 1, Counter channel 2, Internal Logic, 4 channels] This display does not represent the specifications of the related module.
Input Channels Checklist for Configuration, Programming, and Start-up of Safety Manual GuardPLC System
Company:
Site:
Loop definition:
Safety-related input channels in the: GuardPLC 1200, GuardPLC 1800, GuardPLC 1600, GuardPLC 2000
Requirements | Fulfilled | Comment
Is this a safety-related input? | |
Is this a digital input? | |
Is the hysteresis for the digital inputs configured correctly? (GuardPLC 1800 and 2000) | |
Chapter Output Channels Chapter Introduction This chapter discusses GuardPLC 1200 and GuardPLC 2000 output modules. Overview of GuardPLC Output Modules See the table below for an overview of GuardPLC output capabilities. Controller/Module Type...
Output Channels Three testable semi-conductor switches have been integrated, in series, into the safety-related output modules. Thus, the second independent switch-off, required for safety technical reasons, has been integrated on the output module. This integrated safety switch-off safely shuts down all channels of the output module (de-energized condition) if an error occurs.
Output Channels 3. Low supply voltage protection. If the supply voltage drops below 13V, you will not be able to turn on any outputs. 4. At a minimum interval of 20 seconds, digital outputs are turned off for a maximum of 200 µs each (200 x 10^-6 sec). Reaction To Error The following conditions may occur as a result of errors.
Output Channels Analog Outputs in the 1755-OF8 (AB-AO) General The analog outputs on the 1755-OF8 GuardPLC 2000 (AB-AO) module are written once per cycle and stored internally. This functionality is tested by the module itself. The analog output module can be configured for current or voltage output via DIP switches on the module.
Output Channels Reaction To Error The output signals are read back once per cycle and compared with the internally stored output signals of the intelligent module 1755-OF8 (AB-AO). If a discrepancy is detected, the faulty output channel is switched off via the two safety switches, and the module failure is reported via the FAULT LED.
Output Channels Checklist for Safety-Related Outputs Use the following checklist for system configuration, programming and start up of safety-related outputs. It may be used as a planning draft as well as a proof. If used as a planning draft, the checklist can be saved as a record of the plan. To ensure that the requirements are fully and clearly satisfied during system configuration or start-up, an individual checklist for controlling the requirements can be filled in for every single safety-related output...
Chapter GuardPLC Controller Operating System Chapter Introduction This chapter discusses the details of the GuardPLC controllers, their operating system and RSLogix Guard PLUS software.
GuardPLC Controller Operating System The essential functions of the operating system and their correlation to the application program are shown in the following table:
Functions of the Operating System | Connections to the Application Program
Cyclical processing of the application program | Acts on variables, function blocks
Configuration of the automation module | Fixed by the selection of the GuardPLC...
GuardPLC Controller Operating System In addition, there are the following essential functions: • comprehensive self-tests • tests of the I/O modules while in operation • data transfer • diagnostics Technical Safety for Programming Safety Concept of RSLogix Guard PLUS The safety concept of RSLogix Guard PLUS guarantees that: •...
GuardPLC Controller Operating System You must also generate a suitable test set for the numeric evaluation of formulas. Equivalent range tests are acceptable. These are tests within the defined value ranges, at the range limits, or using invalid value ranges. Select the test cases to prove the validity of the calculation.
GuardPLC Controller Operating System Program Identification The application program is clearly identified by the top level root.config “Controller Overview”. The related backup can thus be clearly determined. The identification of a backup should contain the configuration CRC of the controller. To make sure that the backup is unmodified, first compile the backup, and then compare this newly generated code version with the code version of the program loaded in the controller.
GuardPLC Controller Operating System Forcing Forcing is only permissible after consulting the approving board responsible for site approval. During forcing, the person in charge must ensure sufficient safety technical monitoring of the process by other technical and structural measures. The following forcing options are possible: •...
GuardPLC Controller Operating System Protection Against Manipulation The user, in conjunction with the approving board, must define what measures will be applied to protect against manipulation. Protection mechanisms are integrated in the PES and in RSLogix Guard PLUS to prevent unintentional or unauthorized modifications to the safety system: •...
GuardPLC Controller Operating System Checklist for the Creation of an Application Program Use the following checklist to maintain safety technical aspects when programming, and before and after loading the new or modified program. Checklist for Creation of an Application Program Safety Manual GuardPLC Systems Company: Site:...
Chapter Technical Safety for the Application Program Introduction This chapter discusses technical safety for the application program. The following sections contain defaults, rules and requirements developed from sample construction surveys, etc.
Technical Safety for the Application Program General Procedure The general procedure for programming the GuardPLC control systems for technical safety applications is listed below. • Specify the control function. • Write the application program. • Compile the application program with the C-code generator. •...
Technical Safety for the Application Program Sequential Controls (Step Controls) • Verbal descriptions of the steps with step conditions and actuators to be controlled • Flow charts • Matrix or table form of stepped conditions and the actuators to be controlled •...
Technical Safety for the Application Program The use of symbolic names instead of physical addresses has two essential advantages: • The equipment definitions of inputs and outputs can be used in the application program. • Modifications of the signal assignment in the input and output channels have no effect on the application program.
Technical Safety for the Application Program linking these modules into a larger module or ultimately into a program. Functions of the Application Program Programming is not subjected to any restrictions imposed by hardware. The functions of the application program are freely programmable.
Technical Safety for the Application Program Parameters of the Application Program The parameters listed in the following table determine the behavior of the automation module while in operation and are set in the menu attributes of the controller. Here the permissible actions are determined with the programming software in the safety-related operation of the automation module and the safety-related parameters are preset.
Technical Safety for the Application Program Follow the procedure below to “disable” the PES:
1. The following values must be set in the controller:
Main Enable | TRUE
Force Enable | FALSE (application-dependent)
Freeze | FALSE
Start/Restart | TRUE
Load Enable | TRUE
Autostart Enable | TRUE/FALSE
Stop during Force Timeout | TRUE (application-dependent)
Technical Safety for the Application Program To restart following initialization of the CPU (after power failure), follow the steps below to “Enable” the PES: 1. Set Main Enable switch to TRUE. 2. Set Start/Restart switch to TRUE. 3. Start the application program. 4.
Technical Safety for the Application Program The following table describes Forcing of Switches and Parameters. Switches or Function Default Value Setting for Parameters Safe Operation Force Release Enable the Force function Force Timeout Stop the CPU after exceeding the Stop Stop Force time Forcing Master...
Chapter Configuring Communications Non-Safety-Related Communication Apart from the input/output signals, signal statuses can also be exchanged via a data link with another system. To achieve this, the variables are declared in the COM area using RSLogix Guard PLUS. This data exchange can be read/write. When configuring communication, the IP address serves as access safety.
Configuring Communications If safety-related signals cannot be imported (received) within the ReceiveTMO, they are reset to their (user-configurable) initial values in the PES. The value of the input signal must be present longer than the ReceiveTMO or be monitored via loopback. ReceiveTMO is a safety-related parameter.
Configuring Communications Between PES and Remote I/O Modules The worst-case reaction time between changing a transmitter of the first remote I/O module and the reaction of the outputs of the second remote I/O module can be calculated as follows: = input path + output path, where: = Worst-Case Reaction Time input path = t output path = t...
Configuring Communications Worst-Case Reaction Time The maximum response time from the occurrence of a physical input signal change until the reaction of the physical output signal (see the illustration below). Data transfer is carried out by means of safety-related protocols.
Appendix Specifications Chapter Introduction This chapter discusses climate, mechanical, and EMC environmental regulations. The PES GuardPLC controllers were developed to meet the following standards for the EMC, climate, and environment regulations. IEC61131-2 Programmable Controllers Part 2: Equipment requirements and tests...
Specifications Climatic Conditions The most important parameters and tests for climatic conditions are listed in the following table: EN 61131-2 Test: Paragraph Climatic Tests 6.3.4 Temperature operating 0 to 60°C (Test limits -10 to 70°C) Storage Temperature -40 to 85°C (Battery only -30°C) 6.3.4.2 Dry heat and cold resistance test (70°C / -25°C, 96h, EUT Power supply unconnected)
Specifications EMC Conditions The most important parameters and tests for EMC conditions are listed in the following table:
Standard(s) | Noise Immunity Tests
EN 61131-2, 6.3.6.2.1; IEC/EN61000-4-2 | ESD test (4 kV contact / 8 kV air discharge)
EN 61131-2, 6.3.6.2.2; IEC/EN61000-4-3 | RFI test (10 V/m), 26MHz to 1GHz, 80%AM
EN 61131-2, 6.3.6.2.3...
Specifications Power Supply Conditions The most important parameters and tests for power supply conditions are listed in the following table: EN 61131-2 Verification of DC Power Supply Characteristics Paragraph 6.3.7 6.3.7.1.1 Voltage range test dc, -20%, +25% (19.2V to 30.0V) 6.3.7.2.1 Momentary interruption immunity test dc, PS2: 10 ms...
Appendix Use in Central Fire Alarm Systems All GuardPLC systems with analog inputs can be used for control and indicating equipment in accordance with DIN EN 54-2 and NFPA 72. The user program must fulfill the functional requirements established for central fire alarm systems by the standards cited above. The required maximum cycle time of 10 seconds (DIN EN 54-2) for central fire alarm systems can be achieved with GuardPLC systems, whose cycle times can be measured in milliseconds.
Use in Central Fire Alarm Systems alarm loop. The required data is contained in the relevant specifications from the sensor manufacturer. The alarm outputs, used for activating lamps, sirens, horns, etc., are operated using the open-circuit principle. These outputs must be monitored for line breaks and short-circuits.