Rules Governing the Use of the S5-115F
S5-115F Manual
• Safety requirements to be met by the user program
If you want to prevent processes being shut down immediately after the occurrence of the first
I/O error, always use
- I/O ETV 3 with signal group 28
- I/O ETV 4 with signal group 27 or 28
The responses to these I/O errors are usually individual in nature and must be adapted to the
process. For this reason, error response cannot be implemented from the operating system.
Error response must be initiated and monitored from the user program.
Note
When using I/O ETV 3 with signal group 28 or I/O ETV 4 with signal group 27 or 28,
responsibility for the response rests solely with the operator.
The user program can make two different safety responses to I/O errors:
• The process is switched off for a short time when the first I/O error occurs. Operating
personnel are informed (e.g. by a bleeper) and the system waits for acknowledgement.
After acknowledgement, the process is resumed by qualified personnel in the "Supervised
operation" mode.
Proof is required here that the process can be resumed by qualified personnel under these
conditions until it reaches a point at which it can be meaningfully shut down.
The user program is responsible for switching off the process no later than the end of the
second error occurrence time.
• The process is not yet switched off on occurrence of the first I/O error. The user program
ensures that the process is shut down in a safe state (failsafe), i.e. a second I/O error must
not be allowed to give rise to a dangerous situation.
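
The first of the two responses above, modelled as a small state machine. This is an added example in Python, not STEP 5 code and not taken from the manual. The class and method names, the time unit, and the rule that the second error occurrence time is counted from the first I/O error are assumptions.

```python
from enum import Enum

class State(Enum):
    RUNNING = 1
    OFF_WAIT_ACK = 2   # process switched off, operator alerted
    SUPERVISED = 3     # resumed by qualified personnel
    SHUT_DOWN = 4      # final safe state

class FirstErrorResponse:
    def __init__(self, second_error_time):
        self.limit = second_error_time  # assumption: counted from the first I/O error
        self.state = State.RUNNING
        self.first_error_at = None
        self.alarm = False

    def tick(self, now):
        """Call every cycle: enforces the shutdown deadline."""
        expired = (self.first_error_at is not None
                   and now - self.first_error_at >= self.limit)
        if expired:
            self.state = State.SHUT_DOWN
        return self.state

    def io_error(self, now):
        if self.tick(now) is State.RUNNING:
            # First I/O error: switch off, raise the alarm, start the deadline.
            self.state, self.first_error_at, self.alarm = State.OFF_WAIT_ACK, now, True
        else:
            self.state = State.SHUT_DOWN   # second I/O error: go to the safe state
        return self.state

    def acknowledge(self, now, qualified):
        # Only qualified personnel may resume, and only before the deadline.
        if self.tick(now) is State.OFF_WAIT_ACK and qualified:
            self.state, self.alarm = State.SUPERVISED, False
        return self.state

def replay(limit, events):
    """events: constructed (time, kind) pairs; returns the state after each."""
    ctl, trace = FirstErrorResponse(limit), []
    for now, kind in events:
        if kind == "error":
            trace.append(ctl.io_error(now))
        elif kind == "ack":
            trace.append(ctl.acknowledge(now, qualified=True))
        else:
            trace.append(ctl.tick(now))
    return trace
```
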
EWA 4NEB 811 6148-02