Overview 
  1.8 Terms for fail-safe operation 
Mobile Panels 2nd Generation 
Operating Instructions, 09/2018, A5E33876626-AC 
Fail-safe automation system, F system 
A fail-safe automation system is required in a plant with high safety requirements.  
An F-system is characterized by the following features: 
●  Safety-related shutdown response of the system after the triggering of a stop or emergency stop via a safety-related operator control.
●  The confirmation of machine movements entailing danger via an enabling mechanism. 
This document distinguishes the following F-systems in conjunction with a fail-safe Mobile Panel:
●  Hardwired F-system: The safety-related operator controls are wired to a safety relay. If one of the safety-related operator controls is activated, the safety relay triggers the safe state or confirms a machine movement entailing danger in the F-system via the enabling button.
●  PROFIsafe-based F-system: The signals of the safety-related operator controls are transmitted to the F-system via PROFIsafe.
Safety-related devices with fail-safe controllers communicate with PROFIsafe via PROFINET to enable these devices to be used in fail-safe automation systems up to SIL3. PROFIsafe implements safety-related communication with a special user data format and a special protocol. PROFIsafe is specified for PROFINET in the standard IEC 61784-3.
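The two ideas above, a safety-related operator control that forces the shutdown response and a safety layer that makes the transmitted signal trustworthy, can be shown together in a small model. The following is an added example written for this page; it is not Siemens code and it does not reproduce the PROFIsafe frame layout. It assumes a constructed telegram of one control byte (emergency-stop and enabling bits), one consecutive number and a CRC-32 (a stand-in for the protocol's own checksum), and a receiver that enters the safe state on corruption, repetition or loss of a telegram, on a watchdog timeout, and of course when the emergency stop is reported. The names `build_telegram`, `SafetyReceiver` and the bit assignments are all assumptions of this example.

```python
import struct
import zlib

# Constructed control byte carrying the panel's safety-related operator controls (assumption).
ESTOP_BIT = 0x01    # emergency stop actuated
ENABLE_BIT = 0x02   # enabling button held in its confirming position

TELEGRAM_LEN = 6    # control byte + consecutive number + 4-byte CRC (constructed layout)


def build_telegram(estop_active: bool, enable_active: bool, seq: int) -> bytes:
    """Panel side: pack the operator-control states with a consecutive number and a CRC.
    CRC-32 is used here only as a stand-in; it is not the PROFIsafe checksum."""
    ctrl = (ESTOP_BIT if estop_active else 0) | (ENABLE_BIT if enable_active else 0)
    body = struct.pack(">BB", ctrl, seq & 0xFF)
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


class SafetyReceiver:
    """Models the fail-safe controller side. Any detected communication error and any
    emergency stop latch the safe state; hazardous motion is only permitted while the
    enabling button is confirmed in a valid, in-time telegram."""

    def __init__(self, timeout_ms: int):
        self.timeout_ms = timeout_ms
        self.expected_seq = 0
        self.last_rx_ms = None
        self.safe_state = False
        self.reason = None
        self.motion_permitted = False

    def enter_safe_state(self, reason: str) -> None:
        self.safe_state = True
        self.reason = reason
        self.motion_permitted = False

    def receive(self, telegram: bytes, now_ms: int) -> bool:
        """Validate one telegram; return True if hazardous motion is permitted afterwards."""
        if self.safe_state:                      # latched until acknowledged
            return False
        if len(telegram) != TELEGRAM_LEN:
            self.enter_safe_state("length")
            return False
        body, crc = telegram[:2], struct.unpack(">I", telegram[2:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:  # corruption
            self.enter_safe_state("crc")
            return False
        ctrl, seq = struct.unpack(">BB", body)
        if seq != self.expected_seq:              # repetition, loss or insertion
            self.enter_safe_state("sequence")
            return False
        if self.last_rx_ms is not None and now_ms - self.last_rx_ms > self.timeout_ms:
            self.enter_safe_state("timeout")      # unacceptable delay
            return False
        self.expected_seq = (seq + 1) & 0xFF
        self.last_rx_ms = now_ms
        if ctrl & ESTOP_BIT:                      # safety-related operator control
            self.enter_safe_state("emergency stop")
            return False
        self.motion_permitted = bool(ctrl & ENABLE_BIT)
        return self.motion_permitted

    def acknowledge(self) -> None:
        """Operator acknowledgement once the cause is removed. The sequence is restarted
        at 0 here; a real protocol performs a defined reintegration handshake instead."""
        self.safe_state = False
        self.reason = None
        self.expected_seq = 0
        self.last_rx_ms = None


def run_scenarios() -> dict:
    """Drive the receiver through normal operation and the modelled error cases."""
    results = {}
    rx = SafetyReceiver(timeout_ms=100)
    results["enable_only"] = rx.receive(build_telegram(False, True, 0), 10)    # motion allowed
    rx.receive(build_telegram(True, False, 1), 20)                             # emergency stop
    results["estop_reason"] = rx.reason
    results["latched"] = rx.receive(build_telegram(False, True, 2), 30)        # still blocked
    rx.acknowledge()
    results["after_ack"] = rx.receive(build_telegram(False, True, 0), 40)      # motion again

    rx2 = SafetyReceiver(100)                                                  # corrupted bit
    t = bytearray(build_telegram(False, True, 0))
    t[0] ^= ENABLE_BIT                                                         # CRC now stale
    rx2.receive(bytes(t), 10)
    results["crc_reason"] = rx2.reason

    rx3 = SafetyReceiver(100)                                                  # replayed telegram
    rx3.receive(build_telegram(False, True, 0), 10)
    rx3.receive(build_telegram(False, True, 0), 20)
    results["replay_reason"] = rx3.reason

    rx4 = SafetyReceiver(100)                                                  # watchdog expiry
    rx4.receive(build_telegram(False, True, 0), 10)
    rx4.receive(build_telegram(False, True, 1), 500)
    results["timeout_reason"] = rx4.reason
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The point the model makes is that the receiver never distinguishes "bad telegram" from "dangerous situation" in its response: both end in the same defined safe state, and the latch only clears through an explicit acknowledgement, which is what the shutdown response described above requires.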
If an unexpected event occurs during plant operation that poses a risk to persons or equipment, the plant must respond with a defined safety shutdown. Protection of personnel against physical injury can only be ensured if intervention in manufacturing processes, for example during retrofitting or troubleshooting, is safe and secure.
Based on the risk analysis, the safety shutdown, and therefore the shutdown response of the plant, must be configured to ensure that the plant or plant area can be switched to a safe operating state in the event of a risk.
In addition to the qualitative risk analysis required, the machine operator also has an obligation to make a quantitative assessment of potential hazards. On this basis, the operator must then establish what risks could arise during plant or plant area operation and whether the relevant safety functions are sufficiently effective for the hazard in question.
The safe operating state is assigned to the fail-safe controller by a safety program. The plant constructor is responsible for the required configuration, which should be described in the plant documentation.