Cpu 416F For Fail-Safe Controlling (Distributed Safety) - Siemens SIMATIC S7-400 Configuration And Use Manual

Automation system
CPUs of the S7-400

2.8 CPU 416F for Fail-safe Controlling (Distributed Safety)

Introduction
The fail-safe S7 Distributed Safety system is used in the area of machine and
personnel protection (for example, for emergency stop devices on machining and
processing equipment) and in the process industry (for example, to implement
protection functions for small instrumentation and control devices and small
burners).
S7-400F Automation System
An S7-400F automation system is built with a CPU 416F. The CPU 416F is based
on the corresponding standard CPU 416. Its hardware and operating system are
enhanced by several protection mechanisms that allow the CPU 416F to execute
safety programs.
Safety Requirements
F-systems S7 Distributed Safety can fulfill the following safety requirements:
• Requirement class AK1 to AK6 in accordance with DIN V 19250/DIN V VDE 0801
• Safety class (Safety Integrity Level) SIL1 to SIL3 in accordance with IEC 61508
• Category 2 to 4 in accordance with EN 954-1
Principle of Safety Functions S7 Distributed Safety
Fail-safe behavior is achieved by means of safety functions primarily in the
software. Safety functions are executed by the S7 F Distributed Safety
programmable controller in order to return the system to a safe state, or keep it in
a safe state when a hazardous event occurs. The safety functions are primarily
incorporated in the following components:
• In the safety-related user program on the central processing unit
• In the fail-safe input/output modules
The fail-safe I/O modules ensure safe processing of field information (emergency
OFF buttons, light barriers, motor control). They contain all of the hardware and
software components required for safe processing in accordance with the required
safety class. The user only programs the user safety function. The safety function
for the process can be provided either by a user safety function or by a fault
reaction function. In the event of a fault, if the F-system can no longer execute
its actual user safety function, it executes the fault reaction function; for
example, the associated outputs are deactivated and, if necessary, the F-CPU
switches to STOP mode.
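The two layers the manual describes, a user safety function that decides whether a release is permitted and a fault reaction function that forces the safe state when the F-system can no longer trust its own processing, can be illustrated with a small simulation. The following Python model is an added example, not Siemens code and not part of the manual: the controller, its two-channel emergency stop, the light barrier and the `io_module_ok` diagnostic flag are all constructed for illustration, and the safe state is defined as "output de-energised". The discrepancy check between the two e-stop channels is a simplified stand-in for the monitoring a real F-I/O module performs (real systems tolerate a configured discrepancy time).

```python
"""Illustrative model of fail-safe processing: user safety function vs. fault reaction.

Constructed example for explanation only. It is not the S7 Distributed Safety
implementation and does not use any Siemens API.
"""
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    RUN = "RUN"
    STOP = "STOP"


@dataclass
class FInputs:
    # Two-channel emergency stop: both channels read True while the button is released.
    estop_ch1: bool
    estop_ch2: bool
    light_barrier_clear: bool
    io_module_ok: bool = True  # hypothetical diagnostic flag reported by the F-I/O module


@dataclass
class FController:
    mode: Mode = Mode.RUN
    motor_enable: bool = False  # the single output; False (de-energised) is the safe state
    fault: str = ""

    def user_safety_function(self, i: FInputs) -> bool:
        """The user-programmed safety logic: release only when every condition holds.

        Any missing permission evaluates to False, which is the safe value.
        """
        estop_released = i.estop_ch1 and i.estop_ch2
        return estop_released and i.light_barrier_clear

    def fault_reaction_function(self, reason: str) -> None:
        """System-side reaction when the safety function cannot be executed reliably."""
        self.motor_enable = False       # deactivate the associated output
        self.fault = reason
        self.mode = Mode.STOP           # F-CPU goes to STOP; a restart is required

    def cycle(self, i: FInputs) -> bool:
        """One processing cycle. Returns the resulting output state."""
        if self.mode is Mode.STOP:
            # Once stopped, the output stays in the safe state regardless of inputs.
            self.motor_enable = False
            return False
        # Channels that disagree indicate a wiring or contact fault, not a valid demand.
        if i.estop_ch1 != i.estop_ch2:
            self.fault_reaction_function("e-stop channel discrepancy")
            return False
        if not i.io_module_ok:
            self.fault_reaction_function("F-I/O module diagnostic fault")
            return False
        # Normal case: the user safety function decides, including a legitimate stop demand.
        self.motor_enable = self.user_safety_function(i)
        return self.motor_enable


def run_scenario() -> list:
    """Drive one controller through a constructed sequence and record (mode, output)."""
    ctrl = FController()
    steps = [
        FInputs(True, True, True),    # everything healthy: release permitted
        FInputs(False, False, True),  # operator presses e-stop: normal stop, CPU keeps running
        FInputs(True, True, True),    # e-stop released again: release permitted
        FInputs(True, False, True),   # channels disagree: fault reaction, CPU -> STOP
        FInputs(True, True, True),    # healthy inputs no longer re-enable the output
    ]
    return [(ctrl.mode.value, ctrl.cycle(s)) for s in steps]


if __name__ == "__main__":
    for mode, out in run_scenario():
        print(mode, "motor_enable =", out)
```

The distinction the model makes is the one the manual draws: a pressed emergency stop is a valid demand handled by the user safety function (output off, controller still in RUN), whereas a discrepancy or module diagnostic is a fault handled by the fault reaction function (output off, controller in STOP until restarted).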
2-18
Automation System S7-400 Configuration and Use
A5E00442711-02