Wiring
6.2 Additional rules and regulations for the operation of the ET 200SP with fail-safe modules
Distributed I/O system
System Manual, 09/2019, A5E03576849-AJ
89
6.2.2 Requirements for sensors and actuators for fail-safe modules and fail-safe
motor starters
General requirements for sensors and actuators
Note the following important warning regarding safety-related use of sensors and actuators:
Note that instrumentation with sensors and actuators bears a considerable
. Also bear in mind that sensors and actuators generally do not have proof-
intervals of 20 years as defined in IEC 61508:2010 without considerable loss of safety.
The probability of hazardous faults and the rate of hazardous faults of safety functions must
comply with an SIL-defined high limit. A listing of values achieved by F-modules in the
technical specifications of the F-modules is available under "Fail-safe performance
characteristics".
To achieve the required safety class, suitably qualified sensors and actuators are
necessary.
Additional sensor requirements
General rule: To achieve SIL3/Cat. 3/PLe, a single-channel sensor is adequate. However, to
achieve SIL3/Cat. 3/PLe with a single-channel sensor, the sensor itself must be
SIL3/Cat. 3/PLe-capable; otherwise the sensor must be connected by two channels to
achieve this safety level.
To achieve SIL3/Cat. 4/PLe, sensors must be connected by two channels.
In the case of fail-safe input modules, the value "0" is output to the F-CPU after detection of
faults. You therefore need to make sure that the sensors are implemented in such a way as
to ensure the reliable reaction of the safety program when the sensor is in the "0" state.
Example: In its safety program, an EMERGENCY-STOP sensor must achieve the
shutdown of the relevant actuator when it is in the "0" state (EMERGENCY-STOP button
pressed).
To Next Page
Loading...
