16
Rockwell Automation Publication 1715-RM001A-EN-P - June 2019
Chapter 2
Features of the ControlLogix SIL 2 System
prevent programmatic changes of a tag's value. Where possible, it is highly
recommended to configure SIL 2 safety-related tags as Constant.
Always take proper physical security precautions to achieve safe operation of the
system. The following is a list of recommended precautions.
• Keep the controller and I/O chassis in a locked cabinet and limit access to
only those who need it
• Secure all network access points either by physically disabling them or
making sure that they are in locked cabinets
• Keep all passwords secure
• Configure role-based access to the system
• Install network-based firewalls with proper configurations
Safety SIL Task
Include one Periodic task, designated as the Safety task, composed of the programs
and routines that contain the user application. The SIL 2 task must be the highest
priority task in the controller, and the user-defined watchdog must be set to
accommodate the SIL 2 task.
Having a non-safety task in the safety controller for things like determining the
status of the redundancy system or diagnostics does not violate the above
statement since there are no BPCS (Basic Process Control System) control
elements present.
Confirm that the properties of the task that is used for safety are configured
correctly for your application.
• Watchdog: the value that is entered for the SIL 2 safety task must be large
enough for all logic in the task to be scanned.
If the task execution time exceeds the watchdog time, a major fault occurs on the
controller. Even if you are using redundant controllers, the watchdog is set to the
same value in both controllers automatically, so if the cause was simply a watchdog
setting that is too tight, the new primary will eventually fault as well. You must
monitor the watchdog and program the system outputs to transition to the safe state
(typically the OFF state) if a major fault occurs on the controller. See
- Using the 1715 I/O.
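The following structured text routine is an added example, not code from the Rockwell manual, showing one way to monitor the watchdog from inside the SIL 2 task and drive outputs to the safe state. It uses the Logix GSV instruction on the TASK class (the Watchdog, MaxScanTime, LastScanTime, OverlapCount and Priority attributes); all tag names, the 50% headroom figure and the MajorFaultDetected flag (assumed to be set by a Controller Fault Handler program that is not shown) are assumptions of this example.

```st
// Added example (not from the manual): runs in a routine inside the SIL 2 safety task.
// It reads the task's own watchdog and scan statistics with GSV, checks that the
// watchdog leaves headroom over the longest scan observed, verifies the task is at
// priority 1, and latches a trip that the output logic uses to force the OFF state.
// Tag names below are assumptions for illustration.

// TASK class units: Watchdog is in milliseconds, MaxScanTime and LastScanTime in microseconds.
GSV(TASK, THIS, Watchdog, SafetyTask_Watchdog_ms);
GSV(TASK, THIS, MaxScanTime, SafetyTask_MaxScan_us);
GSV(TASK, THIS, LastScanTime, SafetyTask_LastScan_us);
GSV(TASK, THIS, OverlapCount, SafetyTask_Overlaps);
GSV(TASK, THIS, Priority, SafetyTask_Priority);

// Assumed application limit: keep at least 50% headroom between the longest scan
// seen so far and the configured watchdog, so a too-tight setting is caught before
// it produces a major fault (on both controllers of a redundant pair).
WatchdogHeadroom_us := (SafetyTask_Watchdog_ms * 1000) - SafetyTask_MaxScan_us;
WatchdogMarginLow := WatchdogHeadroom_us < (SafetyTask_Watchdog_ms * 500);

// Configuration checks the manual calls for: the safety task must be the highest
// priority task (1). Any overlap means a scan ran past the task period, which is a
// precursor to a watchdog fault, so it is treated as a configuration error here.
ConfigError := (SafetyTask_Priority <> 1) OR (SafetyTask_Overlaps > 0);

// MajorFaultDetected is assumed to be set by the Controller Fault Handler program.
// Latch the trip; it is only cleared by an explicit, supervised reset once every
// condition has cleared.
IF WatchdogMarginLow OR ConfigError OR MajorFaultDetected THEN
    SafeStateRequired := 1;
END_IF;
IF SupervisedReset AND NOT WatchdogMarginLow AND NOT ConfigError AND NOT MajorFaultDetected THEN
    SafeStateRequired := 0;
END_IF;

// Output logic: a safety output is energised only while no trip is latched,
// so the de-energised (OFF) state is the safe state.
Valve_Open_Cmd := Valve_Open_Request AND NOT SafeStateRequired;
```

Because this logic executes in the safety task, it is part of the SIL 2 application and must be verified and validated with the rest of that code; it does not replace the controller's own watchdog fault, which still drives outputs to their configured fault state.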
IMPORTANT
You must dedicate a specific task for safety-related functions and set that task
to the highest priority (1). If you decide to use non-safety logic in the same
controller, that code must be separate.
It is recommended to use separate controllers for safety-related code and
Process Control non-safety code.