• Home
• Function/Function Block Reference
• Safety-Related PLCopen Function Blocks
• SF_ModeSelector
• Implementation of safety requirements from applicable standards

Implementation of safety requirements from applicable standards

The function block has been developed according to the safety requirements (from applicable standards) listed in this section. All other requirements from these standards must be observed when implementing the safety-related function.

This section describes either how the function block meets the requirements of the standards or what measures need to be taken to meet the requirements of the standards.

Standards	Context/Requirement	Implementation
MRL 98/38/EC	Start-up	The function block monitors the signals of a connected mode selector switch for plausibility after a specified time slot (time set at ModeMonitorTime) has elapsed, provided that the outputs have not been locked to prevent switchover (in other words, if S_Unlock = SAFETRUE). For every input combination at the S_ModeX inputs, only one input signal must show the SAFETRUE state at any given time. In addition, it is not permissible for all the S_ModeX inputs to show the SAFEFALSE state. Signals which deviate from these specifications after the time slot has elapsed are detected as errors by the function block. The function block also monitors any adjustment of the connected mode selector switch if the outputs are not locked to prevent switchover (in other words, if S_Unlock = SAFETRUE). If the function block then detects a change in state at one of the S_ModeX inputs, it switches the S_ModeXSel outputs to SAFEFALSE. As an option (AutoSetMode = FALSE), a signal change from SAFEFALSE to SAFETRUE at the S_SetMode input is required in this state to accept the modifications to the signal combination at the S_ModeXSel outputs. You can lock the values output by the S_ModeXSel outputs to prevent them being modified by switching the S_Unlock input from SAFETRUE to SAFEFALSE at the function block while the output signal combination is being output at the S_ModeXSel outputs.
EN ISO 12100-2	Selection of control and operating modes	The function block makes it possible to lock a signal combination output at the S_ModeXSel outputs, in order to prevent switchover. This involves switching the S_Unlock input from SAFETRUE to SAFEFALSE while the output signal combination is being output at the S_ModeXSel outputs. Once this has been done, a modification made at the S_ModeX inputs will have no effect on the S_ModeXSel outputs. Using the signal combination at the S_ModeXSel outputs, perform logic operations with the safety-related application in order to implement the requested operating mode in the safety-related application in terms of both its programming and control aspects. These logic operations must be implemented in the program in such a way that the functions you have defined (e.g., manual mode, automatic mode) are disabled or locked by means of a SAFEFALSE signal. With a SAFETRUE signal and a corresponding AND operation, the defined functions are enabled by the program. Note Plan, implement, and validate the operations according to the results of the risk analysis you performed.
EN 60204-1	Operating modes	The safety-related function block makes it possible to lock a signal combination output at the S_ModeXSel outputs, in order to prevent switchover. This involves switching the S_Unlock input from SAFETRUE to SAFEFALSE while the output signal combination is being output at the S_ModeXSel outputs. Once this has been done, a modification made at the S_ModeX inputs will have no effect on the S_ModeXSel outputs. The function block also monitors any adjustment of the connected mode selector switch if the outputs are not locked to prevent switchover (in other words, if S_Unlock = SAFETRUE). If the function block then detects a change in state at one of the S_ModeX inputs, it switches the S_ModeXSel outputs to SAFEFALSE. As an option (AutoSetMode = FALSE), a signal change from SAFEFALSE to SAFETRUE at the S_SetMode input is required in this state to accept the modifications to the signal combination at the S_ModeXSel outputs.
EN ISO 13849-1	Manual reset device	The Reset input supports the function of the manual reset device. Note Resetting does not occur with a negative (falling) edge, as specified by standard EN ISO 13849-1, but with a positive (rising) edge. To implement the reset with a falling edge (with regard to the mandatory acceptance procedure), use the safety-related function block SF_Reset.
EN ISO 12100-2	Start-up after failure of supply voltage/spontaneous restart	As an option, the safety-related function block supports a start-up inhibit after the Safety PLC has started up (AutoSetMode = FALSE) after a modification to the signal combination at the M_x inputs S_ModeX (AutoSetMode = FALSE) or after a function block error message (Error = TRUE). You are responsible for planning and implementing the start-up behavior according to your risk analysis. To prevent an unintended start-up, you may need to perform an additional function start once the safety-related function has been reset. This will depend on the results of the risk analysis, the signal path of the reset signal, and/or the signal at the S_SetMode input.
EN ISO 13849-1	Category B to 4	Error detection at the S_ModeX inputs: The safety-related function block monitors the signals of a connected mode selector switch for plausibility after a specified time slot (time set at ModeMonitorTime) has elapsed, provided that the outputs have not been locked to prevent switchover (in other words, if S_Unlock = SAFETRUE). For every input combination at the S_ModeX inputs, only one signal must ever show the SAFETRUE state. This means that any potential cross circuits (more than one SAFETRUE signal at the S_ModeX inputs) are detected by the function block. In addition, it is not permissible for all the S_ModeX inputs to show the SAFEFALSE state. Signals which deviate from these specifications after the time slot has elapsed are detected as errors by the function block. This means that any potential open circuits (all signals at inputs S_ModeX = SAFEFALSE) are detected by the function block if the open circuit interrupts an operating mode request at the S_ModeX inputs. For all other signals: Single-channel or two-channel connection must be established depending on the category. Note Cross-circuit monitoring is not performed by the function block. It is your responsibility to perform this monitoring function outside of this function block in the safety-related control system.
EN 60204	Stop functions	The safety-related function block (enable signal) executes stop category 0.