Rockwell Automation Allen-Bradley ControlLogix SIL 2 Reference Manual Download Page 15 | Manualshive

Page: 15 / 42

background image

Rockwell Automation Publication 1715-RM001A-EN-P - June 2019

15

Features of the ControlLogix SIL 2 System

Chapter 2

Application Development
Requirements

The application software for the SIL2-related automation system is created using

the programming tool, that is, RSLogix 5000® software or the Studio 5000 Logix

Designer® application, according to IEC 61131-3.

The application program has to be created by using the programming tool and

contains the specific equipment functions that the ControlLogix system

implements. Parameters for the operating function are also entered into the

system with the programming software.

The safety concept of the SIL 2 ControlLogix system assumes the following:

• The user who is responsible for creating, operating, and maintaining the

application is fully qualified, specially trained, and experienced in safety

systems.

• The programming software is installed correctly.
• Control system hardware is installed in accordance with product

installation guidelines.

• User application code (user program) uses common and good design

practices.

• A test plan is documented and adhered to, including well-understood

proof test requirements and procedures.

• A well-designed validation process is defined and implemented.
• A well-designed Management of Change (MOC) procedure is in place

Security

In the ControlLogix system and in the programming software, protection

mechanisms are available that help prevent unintentional or unauthorized

modifications to the safety system.

The following tools can be employed for security reasons in a SIL2-certified

ControlLogix application:

• Source Protection
• FactoryTalk® AssetCentre
• FactoryTalk® Security

In RSLogix 5000® software, V18 and later, and in the Studio 5000 Logix

Designer® application, tags have two attributes: External Access and Constant.

External Access controls access from external applications like HMIs. It can have

values of read/write, read-only, or none. Set all SIL 2 safety-related tags to

read-only. The Constant attribute is either on or off. When enabled, it helps

IMPORTANT

This document does not cover the specifics of creating the application code. It is
assumed the use knows the requirements of IEC-61511 and their specific
application when designing their system. This document only covers the steps
if it is necessary for ControlLogix to meet SIL 2.

«
...
13
14
15
16
17
...
»

Summary of Contents for Allen-Bradley ControlLogix SIL 2

Page 1: ...Using ControlLogix SIL 2 with 1715 I O Catalog Numbers ControlLogix 5570 1715 AENTR 1715 IB16D 1715 IF16 1715 OB8DE 1715 OF8I Reference Manual OriginalInstructions...

Page 2: ...nformation circuits equipment or software described in this manual Reproduction of the contents of this manual in whole or in part without written permission of Rockwell Automation Inc is prohibited T...

Page 3: ...gurations 14 Application Development Requirements 15 Security 15 Safety SIL Task 16 Setting the SIL2 Task Period Configuration 17 Forcing 17 Verify Download 17 HMI Precautions 18 Reading Data 18 Writi...

Page 4: ...4 Rockwell Automation Publication 1715 RM001A EN P June 2019 Table of Contents Notes...

Page 5: ...You must follow your own local laws and regulations and refer to your own local or supplied system safety manual installation and operator maintenance manuals Ultimately you are responsible to apply...

Page 6: ...systems There is usually some confusion between GuardLogix and ControlLogix SIL 2 since GuardLogix can be used in a SIL 2 system and it is based on ControlLogix In this guide we refer to ControlLogix...

Page 7: ...esigned to operate in a safety system there is no longer any need for special wiring or IFMs to use ControlLogix in a SIL 2 manner Either or Both the I O system or controller system can be simplex or...

Page 8: ...ll SIL 2 capable since 1756 ControlLogix is capable of running SIL 2 with one controller or 1715 I O module It is up to the user if they want to continue running in this state ControlLogix Redundancy...

Page 9: ...If there is a redundancy switch over it is always recommended to investigate why it switched over IMPORTANT When programming your redundant system program so your redundancy system status is continuou...

Page 10: ...producer Unicast I O is not supported in a redundancy system If you attempt to use consumed Unicast connections disqualification occurs and qualification of an unsynchronized redundant chassis pair i...

Page 11: ...nd settings based on a simplex system and then make it redundant You should never communicate with the controller in the secondary chassis other than to obtain diagnostics RedundancySystemDetails Two...

Page 12: ...IP communication cards Use of a 1756 EN2TR or 1756 EN2TRXT is required to achieve SIL 2 in the application Other EtherNet IP communication modules 1756 ENBT 1756 EN2T 1756 EN2TXT can be used for non s...

Page 13: ...Run No online changes are possible Program This stops the execution of the application code and allow online changes Remote This software enabled mode can be Program or Run In this mode you can make o...

Page 14: ...ese SIL 2 architectures are for fail safe low and high demand applications All SIL 2 architectures can be used for de energize to trip applications With special precautions CLX 1715 SIL 2 can be used...

Page 15: ...actices A test plan is documented and adhered to including well understood proof test requirements and procedures A well designed validation process is defined and implemented A well designed Manageme...

Page 16: ...y controller for things like determining the status of the redundancy system or diagnostics does not violate the above statement since there are no BPCS Basic Process Control System control elements p...

Page 17: ...receives packets with this inconsistency and discard the data From the controller you will notice SIL 2 Reset Needed on both the AOI and AOP The ability to manually control 1715 inputs and outputs wou...

Page 18: ...iginal project name HMI Precautions You must exercise precautions and implement specific techniques on HMI devices These precautions include but are not limited to the following Limited access and sec...

Page 19: ...he following sequence of events occurs 1 The new variable must be sent twice to two different tags that is both values must not be written to with one command 2 Safety related code that executes in th...

Page 20: ...20 Rockwell Automation Publication 1715 RM001A EN P June 2019 Chapter 2 Features of the ControlLogix SIL 2 System Notes...

Page 21: ...o cross wiring of outputs to inputs is needed any longer nor is the requirement to have two separate I O chassis for Fault Tolerance For hardware selection refer Chapter 6 of Redundant I O System User...

Page 22: ...lication 1715 RM001A EN P June 2019 Chapter 3 Using the 1715 I O Figure 6 Typical Duplex Configuration IMPORTANT For duplex configurations a SIL 2 fault tolerant architecture has dual input dual adapt...

Page 23: ...e modular architecture lets you build and adapt a system to suit the specific needs of an installation The architecture lets you choose from different levels of I O fault tolerance Any of the modules...

Page 24: ...only to form the backplane for the system Termination assemblies are available in Simplex and Duplex configuration They mount onto the 1715 A3IO I O module base unit and connect the I O modules to th...

Page 25: ...1715 RM001A EN P June 2019 25 Using the 1715 I O Chapter 3 1715 AENTRAdapterRedundantPair The 1715 adapter communicates via the EtherNet IP network using CIP protocol to a 1756 ControlLogix controlle...

Page 26: ...01A EN P June 2019 Chapter 3 Using the 1715 I O 1715 A2AAdapterBaseUnit The adapter base unit holds a pair of adapters It also contains connectors for power 2 and network connections 4 The network con...

Page 27: ...next to a duplex pair There is no need to leave a space empty 1715DigitalandAnalogI Omodules Your system can be configured with any combination of I O modules and in either Simplex or Duplex mode The...

Page 28: ...duplex TA that provides fault tolerant operation for eight digital output channels and mates with redundant 1715 OB8DE digital output modules A 1715 TADIF16 16 channel duplex TA that provides terminat...

Page 29: ...mounted and connections are chained together from left to right Figure 8 Module Placement Description Item Description 1 Adapter base unit 2 Adapter A module 3 Adapter B module 4 I O base unit 5 Simp...

Page 30: ...30 Rockwell Automation Publication 1715 RM001A EN P June 2019 Chapter 3 Using the 1715 I O Notes...

Page 31: ...using 1715 and ControlLogix SIL 2 IMPORTANT TheT VRheinlandGrouphasapprovedthe1715RedundantI OSystemforuse in safety related applications up to and including SIL 2 according to these standards IEC 61...

Page 32: ...vailability but doesn t add to the safety capability Ethernet The Ethernet architecture has no effect on SIL 2 safety functions You can use any appropriate Ethernet network for your application From a...

Page 33: ...state values The module enters a Shutdown mode when the time between controller communications exceeds the CRTL If a module fails then all of its channels are set to the de energized state Output mod...

Page 34: ...etermines how long the connection can operate with old data before going to its configured safe state For an input module if the CRTL expires before the Add On Instruction detects valid data the value...

Page 35: ...tasks to complete Even if you do not use any other tasks there are still other internal tasks running like communications In other words if the SIL 2 periodic task is set too low it is possible to us...

Page 36: ...that a duplex module only requires one Add On Instruction 1715 SIL 2 Add On Instructions must be imported into the RSLogix 5000 project Import only the Add On Instructions you need based on your SIL...

Page 37: ...n Instructions you do not read inputs directly from the input table nor do you write directly to the output tags You read inputs from an Add On Instruction tag that is called reconciled input data and...

Page 38: ...38 Rockwell Automation Publication 1715 RM001A EN P June 2019 Chapter 4 Using1715 Hardware in a ControlLogix SIL 2 System...

Page 39: ...a ControlLogix SIL 2 System Chapter 4 InputDataSystem Input modules send data only one way from the input module to the controller OutputDataSystem Output modules send data both ways Status is sent fr...

Page 40: ...s must be fitted with external line and load integrity monitoring and safety critical read back of the line status signals Any line or load failure must trigger an alarm See 1715 UM001 for more inform...

Page 41: ......

Page 42: ...ourcalldirectlytoatechnicalsupport engineer http www rockwellautomation com global support direct dial page Literature Library Installation Instructions Manuals Brochures and Technical Data http www r...

Reviews:

No comments

Related manuals for Allen-Bradley ControlLogix SIL 2

Brand: IBM Pages: 12

Brand: K&K Pages: 10

DBI SALA Pro Series

Brand: 3M Pages: 24

medialon Showmaster Go

Brand: 7th Sense Pages: 2

Brand: MacDon Pages: 32

Brand: K&K Pages: 6

Brand: National Instruments Pages: 14

Brand: National Instruments Pages: 31

Brand: National Instruments Pages: 50

Brand: National Instruments Pages: 24

Brand: National Instruments Pages: 13

Brand: National Instruments Pages: 21

Brand: National Instruments Pages: 39

Brand: National Instruments Pages: 22

Brand: National Instruments Pages: 8

Brand: National Instruments Pages: 20

Brand: National Instruments Pages: 9

FIeldPoint FP-AO-200

Brand: National Instruments Pages: 13

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands