ABB System 800xA Operations page 15

Section 1 Safety Operator Warnings
When establishing a safety critical communication link using MMS, the UniqueID
parameter represents the safety identification of the data and it is the users
responsibility to ensure that it is unique within the available System networks
The UniqueID shall be identical in the MMSDefxxx and MMSReadxxx.
The Control Modules MMSReadxxx provides parameters SILOutx showing the SIL
level of the communicated data. The application shall ensure that the data origins
from the same or higher SIL before it can be used in any way that can interfere with
the safety action of the SIL classified Application.
Data originating from SILxRestricted System Functions/Library types and data
originating from NONSIL marked parameters (see Appendix A, Certified
Libraries), shall not be communicated via the MMSDefxxx Control modules. If this
restriction is violated in a SIL3 application, it might result in a SafetyShutdown of
the related AC 800M HI controller(s).
When safety critical signals are communicated between Applications (in the same
or different controllers), the FDRT
calculated to match the process safety time of the controlled process. Requirements
for process safety time given in relevant application standards (e.g. EN 298) shall be
considered and fulfilled.
The Control Module MMSReadHI provides acknowledge functionality which is
default disabled. If the acknowledge functionality is enabled it is the end users
responsibility to be aware of that the Valid parameter will be set to True when the
communication is restored. Acknowledge functionality shall be disabled for
Machine Safety applications.
In Applications where inputs reside in other Applications (and other controllers),
the design shall take into consideration the possibilities that the "remote" inputs can
be forced independent of the Force Control setting of the "local" Application.
Positive or Negative Logic
A philosophy for using either positive or negative logic shall be established and
followed consistently for the whole plant. Naming of variables should reflect this
philosophy to avoid confusion.
1. The Unique ID is created within the safe environment and transferred from the server to the client inside every
data package for safe verification of correct connection.
2PAA110888-600 - Warnings based on 3BNP004865-600 RevA
of the communication subsystem shall be
MMS
Warnings
(1)
.
15