
Safety of the Machine or System

This topic contains the following sections:

Safety of personnel and equipment

The safety of personnel and equipment can only be assured if the safety-related function blocks are used correctly. Note that responsibility for fault avoidance lies with the user.

WARNING
Non-conformance to safety function requirements

The operator bears sole responsibility for the safety of the machine or system.

Drawing up and implementing a safety concept

In order to use the safety-related function blocks described in this document, you must have drawn up an appropriate safety concept for your machine or system. This includes a hazard and risk analysis, as well as a test report for validating the safety-related functions.

The target safety integrity (SIL according to IEC 61508 and performance level according to EN ISO 13849-1) is ascertained on the basis of the risk analysis. The safety integrity level or category ascertained determines how you have to connect and use the safety-related function block within the overall safety-related function.

Within the safety-related control system you are using, the safety-related function block supports the following safety integrity requirements:

WARNING
Non-conformance to safety function requirements

Verify that your safety-related application implements all additional requirements resulting from applicable directives and standards in order to meet the required safety integrity requirements.

Safety-related verification and use of the recipe function blocks

The values stored in a recipe file can influence the behavior of the safety function.

Please note that you must carry out a validation every time you make a safety-related modification to your overall system. Use the relevant checklists for validation purposes.

Use your test report to ensure

Observe the following hazard messages when using the recipe function blocks.

WARNING
Non-conformance to safety function requirements
  • Verify that the values contained in the recipe data set to be read are up to date and correspond to the values delivered by your risk analysis.
  • Be sure that your risk analysis includes an evaluation for outdated or incorrect values read from the recipe data set.
  • Validate the overall safety-related function with regard to whether the read values are up to date and correct, and thoroughly test the application.

WARNING
Non-conformance to safety function requirements
  • Verify that the value set at each ID input of the function block addresses the correct recipe file and/or data set.
  • Be sure that your risk analysis includes an evaluation for incorrectly setting the values at each ID input.
  • Validate the overall safety-related function with regard to the set input values and thoroughly test the application.

WARNING
Non-conformance to safety function requirements
  • Make certain that appropriate procedures and measures (according to applicable sector standards) have been established to verify that the read recipe data set has not been modified and does not belong to another safety application if the CRC validations are deactivated (SAFEFALSE value at the input(s) CheckDataSetCRC, CheckFileCRC, or CheckProjectCRC).
  • Include in your risk analysis the impact of reading wrong recipe data from a modified or wrong recipe file while the CRC validations are deactivated.
  • Validate the overall safety-related function with regard to possible impact of reading data from a modified or wrong recipe file while the CRC validations are deactivated.