4 PRECAUTIONS FOR USE OF SAFETY PROGRAMMABLE CONTROLLER
4.1 Precautions for Designing Safety Application
27
4
4.1 Precautions for Designing Safety Application
Response time
The response time is a time from the safety input off to the safety output off using the safety programmable controller.
The response time is needed for determining the safety distance for a safety system.
For calculation of the response time of a system to be configured, refer to the following description.
Page 234 Calculating Safety Response Time for System Configured with a Safety CPU
Calculation of the target failure measure (PFDavg/PFH)
The target failure measure (PFDavg/PFH) is a target value of reliability for each SIL level defined in IEC61508: 2010. (Refer to
Page 21 SIL)
When the safety system using the safety programmable controller is configured, a safety application shall configure a safety
path, including a safety switch through the safety actuator. For example, if the following PFDavg/PFH for safety devices on the
safety path does not meet the SIL required value described in Page 21 SIL and target failure measure (PFDavg/PFH), the
safety application cannot reach the required SIL.
Calculate the PFDavg/PFH for each safety application using the following formula. If the safety path goes through the same
safety device multiple times, add PFDavg/PFH for each safety device one time only.
PFDavg/PFH = (PFDavg/PFH of A) + (PFDavg/PFH of B) + (PFDavg/PFH of C) + (PFDavg/PFH of D) + (PFDavg/PFH of E)
*1 When performing safety communications between Safety CPUs on the safety path, add PFDavg/PFH for the Safety CPU (paired with
the safety function module) performing safety communications on the safety path. Add no PFDavg/PFH for the Safety CPU (paired with
the safety function module) not performing safety communications on the safety path, even if it is on the same network.
*2 When using an extension module (NZ2EXSS2-8TE) connected to the main module (NZ2GFSS2-32D) as a safety remote I/O module,
perform the calculation using PFDavg/PFH connecting the extension module to the main module.
*3 For PFDavg/PFH, refer to the manuals for the safety components used.
*4 When the safety application includes multiple safety switches or safety actuators, perform the calculation by adding all PFDavg/PFH for
the safety remote I/O module, safety input device, and safety output device connected to the device.
This indicates PFDavg/PFH related to the safety programmable controller.
*5 Proof test interval is 10 years (module replacement cycle)
*6 Proof test interval is 5 years (module replacement cycle)
*7 The PFDavg and PFH values are for when the module is used at the ambient temperature of 40.
Calculation examples are described as a line topology. However, calculation is possible using the methods described in this
section regardless of the connection methods (such as line topology, star topology, or ring topology).
Variable Definition
A
*1
Safety CPU (paired with safety function module)
B
*2*4
Safety remote I/O module connected to safety input device
C
*4
Safety remote I/O module connected to safety output device
D
*3*4
Safety input device
E
*3*4
Safety output device
Module PFDavg PFH
PFDavg/PFH of Safety CPU (paired with safety function module)
*5*7
1.02 10
-5
5.50 10
-9
PFDavg/PFH of the safety remote I/O
module
*6*7
Main module only (NZ2GFSS2-32D) 3.54 10
-5
3.55 10
-9
Main module only (NZ2GFSS2-8D) 2.44 10
-5
7.31 10
-9
Main module only (NZ2GFSS2-8TE) 2.43 10
-5
6.67 10
-9
Main module only (NZ2GFSS2-16DTE) 2.52 10
-5
1.05 10
-8
Connecting extension module to the
main module (NZ2GFSS2-32D +
NZ2EXSS2-8TE)
4.66 10
-5
4.78 10
-9
To Next Page
Loading...
