Fail-Safe signal module (SM) diagnostics
6.2 Fault diagnostics
S7-1200 Functional Safety Manual
Manual, 02/2015, A5E03470344-AA
119
Diagnostics detect faults that can affect the integrity of safety-related I/O. The faults can be
in the fail-safe SM, communication with the CPU, or external circuits. Diagnostic information
is assigned either to a single channel or to the entire fail-safe SM.
Most diagnostics operate without user selection. You can configure the following diagnostic
options:
● Short-circuit testing using the digital input sensor supply can be enabled. The interval and
duration of short-circuit tests is configurable.
● The read-back times for 24 VDC digital outputs is configurable.
● The time-out intervals for failures in the safety communication or failure of a safety
program to run is configurable.
Refer to Chapter 5: "Fail-Safe signal module (SM) I/O configuration" for a complete
description of these options.
The safety-critical and validated action of the diagnostics is to passivate I/O when faults are
detected. The reporting of status and diagnostic results through the LED displays and
diagnostic messages is subject to single point failures in electronics or software. These
reports are offered as maintenance and debugging aids, but must be observed and
interpreted with caution.
In the presence of single faults, any or all LED indications can be wrong. You should not rely
solely on the presence or absence of red or green LED indicators to make safety decisions.
In the presence of single faults, diagnostic messages may fail to be delivered, or the
numerical event ID or text message can be wrong. You should not rely solely on the
presence, absence, or content of diagnostic reports to make safety decisions.
Diagnostic and status reports through LEDs and text messages are subject to single point
failure errors.
Reliance on such reported information to determine that a system or I/O point is in a safely
controlled state can result in death, severe personal injury, or property damage.
If the integrity of your fail-safe system is in doubt, you should use additional measures such
as restricted access or power removal to control hazards during maintenance and debug
activities.
To Next Page
Loading...
Need help?
General
