Warnings
Section 1 Safety Operator Warnings
2PAA110888-600 - Warnings based on 3BNP004865-600 RevA

It is the end user's responsibility to make sure, before doing the Manual
Acknowledge on the related IAC Acknowledge Group, that the process can be started
safely. Auto Acknowledge is not allowed for Machine Safety applications. If Auto
Acknowledge is used, it is the end user's responsibility to make sure the process can
start safely.

For Machine Safety applications, acknowledgment of IAC communication shall
require the 'Access Enable' to be enabled. This means that the CVAckISP control
module must be configured with AccessLevel set to
ConfirmWriteAndAccessEnable. It is also not allowed to use the bool inputs
ResetGroup or ResetAllGroups, nor cascaded groups of CVAckISP modules, for
Machine Safety.

One IAC Acknowledge Group can have a maximum of 32 Communication
Variables connected. If structured variables are used, the maximum number of
structured components connected is 32.
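
The acknowledge-group rules in the preceding warnings can be checked mechanically before commissioning. The following is an added example, not ABB code or part of this manual; it assumes a hypothetical exported configuration held as Python dicts, and every field name other than the manual's own identifiers is invented for illustration.

```python
# Added example: lint of IAC Acknowledge Group settings against the warnings above.
# The dict layout is a hypothetical export format; only the names CVAckISP, AccessLevel,
# ConfirmWriteAndAccessEnable, ResetGroup and ResetAllGroups come from the manual.
MAX_CONNECTED = 32
REQUIRED_ACCESS_LEVEL = "ConfirmWriteAndAccessEnable"
FORBIDDEN_INPUTS = {"ResetGroup", "ResetAllGroups"}


def lint_ack_group(group):
    """Return (code, message) findings for one acknowledge group."""
    findings = []
    # Assumption: a plain variable counts once, a structured one once per component.
    connected = sum(v.get("components", 1) for v in group.get("variables", []))
    if connected > MAX_CONNECTED:
        findings.append(("limit", f"{connected} connected, maximum is {MAX_CONNECTED}"))
    if not group.get("machine_safety", False):
        if group.get("auto_acknowledge"):
            findings.append(("review", "Auto Acknowledge used: verify the process can start safely"))
        return findings
    if group.get("auto_acknowledge"):
        findings.append(("auto-ack", "Auto Acknowledge is not allowed for Machine Safety"))
    if group.get("access_level") != REQUIRED_ACCESS_LEVEL:
        findings.append(("access-level", f"AccessLevel must be {REQUIRED_ACCESS_LEVEL}"))
    for name in sorted(FORBIDDEN_INPUTS & set(group.get("connected_inputs", []))):
        findings.append(("reset-input", f"bool input {name} must not be used"))
    if group.get("cascaded"):
        findings.append(("cascade", "cascaded CVAckISP groups are not allowed"))
    return findings


# Constructed sample data: group and variable names are invented for illustration,
# and OTHER_LEVEL_PLACEHOLDER stands in for any non-required AccessLevel value.
SAMPLE_GROUPS = [
    {"name": "PressGuard", "machine_safety": True, "auto_acknowledge": False,
     "access_level": "ConfirmWriteAndAccessEnable", "connected_inputs": [],
     "cascaded": False, "variables": [{"name": "GuardStatus", "components": 4}]},
    {"name": "RobotCell", "machine_safety": True, "auto_acknowledge": True,
     "access_level": "OTHER_LEVEL_PLACEHOLDER", "connected_inputs": ["ResetAllGroups"],
     "cascaded": True, "variables": [{"name": f"CV{i}"} for i in range(33)]},
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        results = lint_ack_group(g)
        print(g["name"], "OK" if not results else "")
        for code, message in results:
            print(f"  [{code}] {message}")
```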

In Applications where input I/O variables reside in other Applications (and other
controllers), the design shall take into consideration the possibility that the
“remote” inputs can be forced independently of the Force Control setting of the
“local” Application.

It is the end user's responsibility to ensure that the Lower SIL signals are well
reviewed and tested, to verify that they do not interfere with the safety function.

Some of the function block types in MMSCommLib for communication between
applications in the same controller are certified SILx Restricted. This means that
they are allowed to be used in SIL classified applications, but the communicated
data cannot be used for safety critical functions.

For exchanging safety critical data between Applications using MMS, the Control
Modules MMSDefxxx and MMSReadxxx shall be used. The Valid parameter of the
MMSReadxxx shows whether the data can be trusted. In case of invalid data, the
application shall bring the related safety functions to safe state.

The Control Modules MMSDefxxx and MMSReadxxx are designed to be executed
every scan of the application, hence any conditional execution (for example, use of
ExecuteControlModules inside an if statement) shall be avoided. Conditional
execution may extend the TimeOut and FDRT.