
Section 1 Safety Operator Warnings

Warnings

2PAA110888-600 - Warnings based on 3BNP004865-600 RevA

17

a calculation to check if the result is OK. If the result is not OK, the user has to 
handle this in an appropriate way.

Programming Languages and Libraries

For an overview of certification levels and safety restrictions for System Functions 
and Library Types, see Appendix A, Certified Libraries. 

It is not allowed to use Functions, Function Blocks or Control Modules marked as 
SILxRestricted in a way that can influence the safety function of a SIL classified 
application. If such code affects an output from a SIL3 application, it might result in 
a Safety Shutdown.

It is not allowed to use output parameters from Function Blocks or Control Modules 
marked with NONSIL in the parameter description in a way that can influence the 
safety function of a SIL classified application. If such code affects an output from a 
SIL3 application, it might result in a Safety Shutdown. 

The Split and Join elements shall not be used in SIL Diagrams, since reverse 
components are not transferred. If needed, single (forward) components can be 
retrieved using dot notation, i.e. the (structured) signal can be branched, and a 
component from one of the branches can be connected to application logic.

If a faceplate that allows operator changes to objects in a SIL classified 
application is to be created or modified, the guidelines for Confirmed Write support 
in the chapter Access Management Settings shall be followed.

Control Builder M Professional - Settings and Restrictions

If the EN (Enable) input on functions and function blocks is used in FBD and FD, 
great care shall be taken to avoid unintentionally stopping application execution.

The user shall always connect the EN input to true when used on SFC and ST Code 
Blocks in FD.

When setting the “Application type”, due care shall be taken regarding the properties 
of the process to be controlled by the AC 800M HI.

FDRT (Fault Detection and Reaction Time) is the maximum time from the occurrence of 
an internal error in the controller until the defined action is taken. This time shall 
be set according to the process safety time and the demand rate of the controlled process.
