15
2TLC172001M0211_A
4.3.1.2 0 Volt
In general 0 or close to 0 volt/mA cannot be trusted as a true signal except when there is a
dynamic behaviour in the application which makes it possible to evaluate the correctness.
There are two reasons for this:
-
0 can be a consequence of an internal fault in Pluto. Variables in the PLC code are then
often set to 0.
-
An analogue value close to 0, 0..0.5V/ 0..0.5mA can be caused by wire break or other
interruption of the connected sensor.
The use of 4-20mA or 2-10V range is therefore recommended.
Note: If 0-signals are used the evaluation of the correctness must be performed by the
application program.
4.3.2 Possible architectures, achievable safety levels and prerequisites
This table is an overview of safety levels for different applications.
The achievable SIL / PL depend on the sensor which is used in the application.
Structure
Achievable
SIL / PL
Prerequisites,
necessary diagnostic to be realized in the application
program
1 standard sensor
SIL 1 / PL c
Measurement values < 3.0mA resp. < 1.5V have to be handled as
failure conditions
(DC
≥
60%)
1 FS certified sensor
(SIL 2 / PL d)
SIL 2 / PL d
Measurement values < 3.0mA resp. < 1.5V have to be handled as
failure conditions.
Eventual additional diagnostic measures mentioned in the safety
manual of the sensor
1 FS certified sensor
(SIL 3 / PL e)
SIL 2 / PL d
Measurement values < 3.0mA resp. < 1.5V have to be handled as
failure conditions.
Eventual additional diagnostic measures mentioned in the safety
manual of the sensor
2 standard sensors
(homogeneous
redundant)
SIL 2..3 / PL d Measurement values < 3.0mA resp. < 1.5V have to be handled as
failure conditions.
Monitoring, if the measured values of both channels match
together
(DC
≥
60%)
2 standard sensors
(diverse redundant)
SIL 3 / PL e
Measurement values < 3.0mA resp. < 1.5V have to be handled as
failure conditions.
Monitoring, if the measured values of both channels match
together
(DC
≥
90%)
