Safety-Related Application/Area

Note
Term definition: Standard = non-safety-related
The term "standard" always refers to non-safety-related items/objects. Examples: a standard process data item is only read/written by a non-safety-related I/O device, i.e., a standard device. Standard variables/functions/FBs are non-safety-related data. The term "standard controller" designates the non-safety-related controller.

PLCnext Engineer supports the complete implementation of a safety-related application if a Safety PLC is included in your project.
This includes:

adding of safety-related devices to the PLANT
safety-related device parameterization
programming of safety-related code
handling of safety-related I/Os (mapping of safety-related process data items to safety-related variables)
use of exchange variables for implementing data exchange between the non-safety-related controller and the Safety PLC (mapping of safety-related variables to non-safety-related variables)

Note
Safety-related code and data processed in and generated by PLCnext Engineer is based on the IEC 61131-3 standard and meets the safety requirements defined in the standards IEC 61508, EN IEC 13849 and EN 62061 (depending on the language profile set in the project).

Further Info
Observe the safety-related hazard messages while editing the project.

Use the button shown left on the main toolbar or commands in the 'View' menu, to show or hide safety-related objects in the PLANT and the COMPONENTS area.

This topic contains the following sections:

Separation of safety-related and standard application

In the project, the standard (non-safety-related) controller and the Safety PLC are strictly separated. Each of it executes its own application, has its own global variables, and its own runtime configuration. Therefore, the Safety PLC is represented by its own icon in the PLANT. The safety-related project data (device structure, code, and device parameterization) as well as the configuration and operation mode of the safety-related controller are protected by two separate passwords. For editing safety-related parts of the project, you have to logon to the Safety-related Area.

Dual password protection

Both the safety-related project data (device structure, code, and device parameterization) and the configuration and operation mode of the Safety PLC are protected by two separate passwords:

The Safety PLC itself is protected by a controller password. Writing data to the Safety PLC or switching its operation mode is only possible after entering the Safety PLC password in PLCnext Engineer.
Refer to the topic "Safety PLC Password Protection" for details.
On engineering side (in PLCnext Engineer), a project password enables safety-related editing of the PLANT, the COMPONENTS area, code and variables. Safety-related parts of the project can only be edited while being logged on to the so-called Safety-related Area. This is an area of responsibility restricted to authorized members. Safety-related data can be displayed in read-only mode, while you are logged off.

The safety-related code and data processed in and generated by PLCnext Engineer is based on the IEC 61131-3 standard and meets the safety requirements defined in the standards IEC 61508, EN IEC 13849 and EN 62061 (depending on the language profile set in the project).

Optical marking of safety-related data

To facilitate the distinction of safety-related and non-safety-related elements and data, the following applies:

Safety-related types and instances in the COMPONENTS area and in the PLANT are indicated by the overlay icon.
Safety-related variables (data types) in SNOLD code worksheets, variables tables and Data Lists (see next section) are shown with a yellow color marking.

Safety-related code in SNOLD worksheets

Safety-related and standard (non-safety-related) code is strictly distinguished in PLCnext Engineer. Therefore, safety-related POUs are edited in separate SNOLD (Safety Network Oriented Ladder) code worksheets, programmed with the safety-related network-oriented graphic editor. Basically, the SNOLD editor works like the NOLD editor and provides additional safety-related features.

The SNOLD editor performs a continuous verification of the worksheet data consistency. Any detected inconsistency (i.e., possible data corruptions) results in an editor error and a safety violation notification is output in the MESSAGES window.

Safety-related editors can easily be identified by the editor title bar with hatched background.

See section "Similarities and differences between FBD/LD, NOLD and SNOLD" for details.

Functional language range in SNOLD: LVL or FVL: Compared to the functional range of standard FBD/LD, some restrictions apply in SNOLD regarding the available language objects. Which restrictions these are depends on your application and the applicable safety requirements. Depending on the applicable safety regulations and standards, PLCnext Engineer supports a Limited Variability Language (LVL) or a Full Variability Language (FVL). FVL comprises more language objects and possibilities as LVL. Jumps, for example, are only available in an FVL.
To specify the available language elements (LVL or FVL) and set the applicable standard this way, choose 'Project > Change Language Profile' and select the desired profile in the appearing selection dialog. You have to be logged on to the Safety-related Area for this purpose.

Separation of safety-related and standard code: Safety-related and standard (non-safety-related) code is strictly distinguished in PLCnext Engineer. Therefore, also safety-related and standard variables, or more precise, data types, are distinguished.

Standard (non-safety-related) IEC 61131-3-compliant data types. This includes elementary and user-defined data types.
Safety-related elementary data types.
In safety-related code worksheets, safety-related and standard variables can be mixed and directly connected to each other. This corresponds to an implicit data type conversion which requires some rules to be observed.

For easier distinction of standard and safety-related variables, all safety-related variables are displayed with a yellow color marking in safety-related SNOLD code worksheets and variables grids. Variables of standard data types are shown without color marking. While programming safety-related FBD/LD code in SNOLD worksheets, the continuous data flow analysis in the SNOLD code highlights the leading safety-related signal paths of a network by displaying them as thick yellow lines. Refer to the topic "Mixing Safety-related and Standard Types in SNOLD Worksheets" for details.

Safety-related Project and POU Information

PLCnext Engineer provides several editors that show safety-related checksum information.

You can use these checksums to find out whether the project or POUs (code/variables) have been modified compared to older project versions. For that purpose, you have to manually compare each checksum with the relating CRC in the printed project documentation of the older, archived project version.

The following editors are available:

The 'Project' node in the PLANT provides the 'Safety Information' editor which displays various checksum which were calculated over safety-related data on project level. Also refer to the table "Details on checksums on project level" below.
Each user-defined POU type in the COMPONENTS area (category 'Programming | Local') provides a 'Safety Information' editor. Here, the checksums are listed which were calculated for each verified network after setting the verification mark.
Refer to the topic "Verification Mark for SNOLD Code Sections ‣ POUs
×‣ Verification Mark for SNOLD Networks
×" for details.

Both editors provide an export function which creates an Excel file containing the data visible in the editor.

Note
These checksums are relevant when comparing safety-related project parts using the project comparison feature.

Details on checksums on project level

Safety Log

Any editing operations and messages that relate to safety-related project parts are written to the persistent safety message log, or Safety Log in short. Persistent means that the log cannot be deleted by the user.

The Safety Log can be displayed by clicking the 'Safety Log' button in the MESSAGES window which is part of the Cross Functions Area.

The Safety Log is sealed by a checksum which enables the detection of data corruption in the log file.

The following operations and messages are written to the Safety Log:

Any verification of a safety-related code network in SNOLD.
Insertion, deletion or renaming of a safety-related POU in the COMPONENTS area or code worksheets in a safety-related POU.
Insertion or deletion of a safety-related device in the PLANT.
Editing the parameter values of a safety-related device.
Confirmation of a safety-related role mapping, i.e., of an assignment between a safety-related variable and a safety-related process data item (by selecting the 'Confirm' checkbox in the Data List of the Safety PLC).
Any reported safety violation message.
Any manual confirmation of the verification of data correctness (after a safety violation message or data integrity error message).

Every Safety Log entry contains the following information:

Date and time of the modification.
ID (Code) of the event type.
Type of modification.

Via the context menu, the Safety Log can be exported into a csv file.