16 Rockwell Automation Publication ICSTT-RM448M-EN-P - February 2021
Chapter 2 The AADvance Safety Controller
• An AADvance system provides a set of components that can be
configured to meet a range of user safety and fault tolerance
requirements within a single system, such as the fault tolerant
topologies 1oo1, 1oo2D and 2oo3.
• IEC 61508 certified, reviewed and approved for safety systems up to SIL 3
by independent certifying bodies.
• The scalable characteristics of the system enable independent safety
functions within the same system to be configured with different
architectures to meet user-specific safety and availability requirements.
• The main components that provide the safety architecture are the
processor and I/O modules; the remaining components provide secure
external interfaces and connectivity between the field elements and the
main components and add to the safety functionality.
• AADvance processor modules are designed to meet the requirements for
SIL 3 in a dual or triplicated configuration.
• Individual input modules are designed to meet the requirements for SIL
3 in simplex, dual or triple configurations.
• Individual output modules have been designed to meet the requirements
for SIL 3 in simplex or dual configurations.
• Safe SIL 3 rated 'Black Channel' external communication over Ethernet.
Safety Configurations
An AADvance system supports the following safety configurations:
Fail-safe
I/O modules fail-safe in the most basic simplex system.
SIL 2
SIL 2 architectures for fail-safe low demand applications. All SIL 2
architectures can be used for energize or de-energize to trip applications.
• SIL 2 low demand architectures
• SIL 2 fail safe architectures
• SIL 2 fault tolerant input architectures
• SIL 2 triplicated input architectures
• SIL 2 fault tolerant output architectures
• SIL 2 fault tolerant input/output architectures
SIL 3
SIL 3 architectures:
• SIL 3 de-energize to trip applications.
• SIL 3 energize to action applications when fitted with dual digital output
modules.
• SIL 3 simplex or dual output module architectures
• SIL 3 fail safe I/O fault tolerant processor architecture
• SIL 3 fault tolerant architecture
• SIL 3 fault tolerant simplex, dual and triple input architectures
• SIL 3 dual or triple processor architectures
• SIL 3 high demand applications where the required safe state is greater
than 4 mA, when fitted with dual analogue output modules (A ‘safe state’