ABB AC500-S Safety User Manual page 331


Checklists for AC500-S commissioning
Checklist for operation, maintenance and repair

Columns: No. | Item to check | Fulfilled (yes / no)? | Comment

3. Make sure that the following rule, as defined by the PROFIsafe standard (refer to www.profisafe.net for more details), was considered in the safety application analysis:
A maximum of 10 communication links (i.e., PROFIsafe connections from the given safety input to the given safety output) per safety function is permitted for an average probability of a dangerous failure of $10^{-9}$/h (SIL 3). In case of more than 10 communication links per safety function, the probability of a dangerous failure increases by $10^{-10}$/h per additional communication link. Correspondingly, a maximum of 100 communication links is permitted in case of SIL 2.

4. Make sure that all network devices used in conjunction with the AC500-S safety PLC meet the requirements of IEC 61010 or IEC 61131-2 (e.g., PELV). Single port routers are not permitted as borders for a safety island.
Refer to [3] for further details.

5. Before any deployment of a safety application with PROFIsafe, especially those using wireless components, an assessment for dangerous threats such as eavesdropping or data manipulation shall be executed (refer to [11] for more details). Check that an adequate level of security defining security zones with security gates was established.
In case of no threat, no security measures are necessary.
Note:
There are two possible threats identified so far, mainly for applications with wireless components:
- Willful changes of parameters of F-Devices and safety programs;
- Attacks on the cyclic communication, e.g., simulation of the safety communication.

6. The complete functional testing of all parts of the safety application has to be performed. This test must be carried out with the machine in its final configuration including mechanical, electrical and electronic components, sensors, actuators, and software.

7. Verify that clear operation, maintenance and repair procedures (organization, responsibility, spare parts, project data backup, etc.) for the safety application are defined.
Note:
Restart of the corresponding safety control loop is only permitted if there is no hazardous process state, and after an operator acknowledgment (OA_C).
Refer to [3] for further details.

8. Verify that proper electrical contact is available between safety I/O modules (AI581-S, DI581-S and DX581-S) and TU582-S terminal units. Follow the assembly instructions for safety I/O modules [3]:
- "Assembly of DI581-S" on page 66
- "Assembly of DX581-S" on page 92
- "Assembly of AI581-S" on page 110

3ADR025091M0208, 12, en_US
2020/06/19
