Rockwell Automation Publication 1756-RM012B-EN-P - April 2018
43
Characteristics of Safety Tags, the Safety Task, and Safety Programs
Chapter 5
Access to Safety-related Systems
HMI-related functions consist of two primary activities: reading and writing
data.
Read Parameters in Safety-related Systems
Reading data is unrestricted because reading doesn’t affect the behavior of the
safety system. However, the number, frequency, and size of the data being read
can affect controller availability. To avoid safety-related spurious trips, use good
communication practices to limit the impact of communication processing on
the controller. Do not set read rates to the fastest rate possible.
Change Parameters in SIL-rated Systems
A parameter change in a safety-related loop via an external (that is, outside the
safety loop) device (for example, an HMI) is allowed only with the following
restrictions:
• Only authorized, specially trained personnel (operators) can change the
parameters in safety-related systems via HMIs.
• The operator that changes a safety-related system via an HMI is
responsible for the effect of those changes on the safety loop.
• You must clearly document variables that are to be changed.
• You must use a clear, comprehensive, and explicit operator procedure to
make safety-related changes via an HMI.
• Changes can be accepted in a safety-related system only if the following
sequence of events occurs:
a. The new parameter value must be sent twice to two different tags;
that is, both values must not be written to with one command.
b. The two standard tags that receive the parameter value from the
HMI must be mapped into two safety tags.
c. Safety-related code that executes in the controller, must check both
safety tags for equivalency and make sure that they are within range
(boundary checks).
d. Both new variables must be read back and displayed on the HMI
device (the HMI display should read the safety tags that received the
mapped tag values from the standard tags).
e. Trained operators must visually check that both variables are the
same and are the correct value.
f. Trained operators must manually acknowledge that the values are
correct on the HMI display that sends a command to the safety logic,
which allows the new values to be used in the safety function.
In every case, the operator must confirm the validity of the change
before they are accepted and applied in the safety loop.
• Test all changes as part of the safety assessment procedure.
Summary of Contents for Compact GuardLogix 5380
Page 88: ...88 Rockwell Automation Publication 1756 RM012B EN P April 2018 Appendix C Reaction Times Notes...
Page 108: ...108 Rockwell Automation Publication 1756 RM012B EN P April 2018 Glossary Notes...
Page 114: ...114 Rockwell Automation Publication 1756 RM012B EN P April 2018 Index...
Page 115: ......