Table of Contents
Advertisement
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Safety-Related Shutdown of Standard Output Modules
Refer to the Internet
(http://support.automation.siemens.com/WW/view/en/12461959/133300) for a list of all the
standard ET 200S modules.
Safety-related activation of standard DO module outputs is not possible. Only safety-related
shutdown is possible. The following issues must therefore be taken into consideration:
In the worst case you must consider all possible faults of the standard DO modules and the
programs controlling them for which the faults cannot be found directly. For example, the
PM-E F pm DC24V PROFIsafedoes not detect external short-circuits to L+ at the standard
DO module outputs. All faults developing at the standard DO modules influence the
process via final controlling elements. The process status must be made known to the F-
CPU by way of sensors and a suitable safety program.
Diagnostic functions must be handled indirectly in the controlled process since the self-test
function of standard DO modules cannot be used to detect safety-critical faults: The safety
control function does not intervene in the faulty process as long as hazards can be
excluded. However, it shuts down the system if the process develops unwanted or
potentially dangerous activities.
Consequently, instead of the short fault reaction times defined in S7, the reaction time to
internal faults in standard DO modules is determined by the controlled process and its
corresponding feedback signals.
Safety-related process values must be
• safely
• read in by way of fail-safe input modules, such as an F-DI,
• prepared by the F-CPU for command output and
• output at the fail-safe output module for shutdown of the corresponding safety relay or
• output at the fail-safe power module PM-E F.
If the process does not respond as expected due to malfunctions within a process or faulty
standard DO modules, these standard DO modules must be set to safe state by way of the
higher-level safety circuit.
The process safety time is of particular importance here. Risks due to any malfunctions
within the process control system can be ruled out within this process safety time.
The safety program must react in a safety-related and logically suitable fashion to
unwanted or potentially dangerous states in the process via the PM-E F pm DC24V
PROFIsafe and fail-safe output modules.
If you want to avoid the problems described above completely, we recommend that you use
P/M-switching fail-safe electronic modules 4 F-DO DC24V/2A PROFIsafe with standard
ET 200S power modules (see
the
Property of safety-oriented tripping of standard DO modules with the PM-E F pm DC24V
PROFIsafe:
This cost-effective solution allows the full and simultaneous shutdown of all outputs involved
when a fault is detected in the process or on the PM-E F pm DC24V PROFIsafe.
Property of the individual shutdown of F-modules with fail-safe outputs:
The scope of shutdown is kept to a minimum when a fault is detected. It is also possible to
react to critical process states staggered over time, or to perform safety-related shutdown of
individual outputs.
64
WARNING
table "Assigning power modules to electronic modules / motor starters and safety class"
"Digital electronic module 4 F-DO DC24V/2A PROFIsafe"
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
and
).
Hide quick links:
Advertisement
Table of Contents
