• output processing elements (PEo) transferring safety related data to the remote controller connected to the
actuator
• in 1oo2 architecture, potentially a further voting processing element (PEv)
• the computation processing elements can be involved (to an extent depending on the target safety integrity)
in the implementation of local software-based diagnostic functions; this is represented by the block PEd
• processes external to Compliant item ensuring safety integrity, such as watchdog (WDTe) and voltage
monitors (VMONe)
The role of the PEv process is clarified in Section 3.2.4 Reference safety architectures - 1oo2. The role of the
WDTe and VMONe external processes is clarified under Section 3.6 Hardware and software diagnostics:
• WDTe: refer to External watchdog – CPU_SM_5 and Control flow monitoring in Application software –
CPU_SM_1,
• VMONe: refer to Supply voltage internal monitoring (PVD) – VSUP_SM_1 and System-level power supply
management - VSUP_SM_5.
In summary, Devices support the implementation of End user safety functions consisting of three operations:
• safe acquisition of safety-related data from input peripheral(s)
• safe execution of Application software program and safe computation of related data
• safe transfer of results or decisions to output peripheral(s)
Claims on Compliant item and computation of safety metrics are done with respect to these three basic
operations.
According to the definition applied to the implemented safety functions, the Compliant item (element) is to be regarded as type B
(as per IEC 61508-2, 7.4.4.1.3). Even with an accurate, exhaustive and detailed failure analysis, the Device has
to be considered intrinsically complex, and this is what requires its type B classification.
Two main safety architectures are identified: 1oo1 (using one Device) and 1oo2 (using two Devices).
3.2.3 Reference safety architectures - 1oo1
The 1oo1 reference architecture (Figure 3) ensures the safety integrity of the Compliant item by combining Device
internal processes (the implemented safety mechanisms) with the external processes WDTe and VMONe.
The 1oo1 reference architecture targets safety integrity level (SIL) SIL2.
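The three basic operations above (acquisition, computation, transfer) and their coupling to the external watchdog are easiest to see in code. The following is an added example, not code from UM2305 or from ST: it implements a program-flow monitor in the spirit of the "Control flow monitoring in Application software" mechanism, where each of the three operations records a checkpoint into a running signature and the external watchdog is refreshed only when the end-of-cycle signature proves that all three ran once and in the right order. The step constants, the seed, the mixing function and the names (flow_*, run_safety_cycle, the counter standing in for the WDTe refresh pin) are all hypothetical; a real design would take them from the project's safety concept.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example (not from UM2305): program-flow monitoring of the three
 * basic operations of a 1oo1 safety loop, gating the refresh of an
 * external watchdog. All names and constants are hypothetical. */

typedef enum {
    STEP_ACQUIRE  = 1,  /* PEi: safe acquisition from input peripheral   */
    STEP_COMPUTE  = 2,  /* PEc: safe execution of Application software   */
    STEP_TRANSFER = 3   /* PEo: safe transfer to output peripheral       */
} flow_step_t;

#define FLOW_SEED       0x5A5AU   /* arbitrary non-trivial start value   */
#define FLOW_STEP_CONST 0x1234U   /* per-step constant multiplier        */

static uint16_t rotl16(uint16_t x, unsigned n)
{
    return (uint16_t)(((x << n) | (x >> (16U - n))) & 0xFFFFU);
}

/* Fold one checkpoint into the running signature. The rotation makes the
 * result order dependent, so a skipped, repeated or swapped step ends the
 * cycle with a signature different from the reference one. */
static uint16_t flow_mix(uint16_t sig, flow_step_t step)
{
    return (uint16_t)(rotl16(sig, 5) ^ (FLOW_STEP_CONST * (uint16_t)step));
}

/* Reference signature of the only accepted sequence: acquire -> compute -> transfer. */
uint16_t flow_expected_signature(void)
{
    uint16_t sig = FLOW_SEED;
    sig = flow_mix(sig, STEP_ACQUIRE);
    sig = flow_mix(sig, STEP_COMPUTE);
    sig = flow_mix(sig, STEP_TRANSFER);
    return sig;
}

typedef struct {
    uint16_t sig;            /* running signature of the current cycle          */
    unsigned wdt_refreshes;  /* external watchdog refreshes actually issued      */
    unsigned flow_faults;    /* cycles rejected by the flow monitor              */
} flow_monitor_t;

void flow_cycle_start(flow_monitor_t *m)
{
    m->sig = FLOW_SEED;
}

void flow_checkpoint(flow_monitor_t *m, flow_step_t step)
{
    m->sig = flow_mix(m->sig, step);
}

/* End of cycle: refresh the external watchdog only if the signature proves
 * that all three operations ran once and in order. Otherwise the refresh is
 * withheld, so WDTe times out and forces the system into its safe state.
 * The real refresh would toggle the WDTe input pin; here it is a counter. */
bool flow_cycle_end(flow_monitor_t *m)
{
    if (m->sig != flow_expected_signature()) {
        m->flow_faults++;
        return false;
    }
    m->wdt_refreshes++;   /* stands in for toggling the WDTe input pin */
    return true;
}

/* One application cycle. The flags inject control-flow faults so the
 * monitor's behaviour can be observed offline. */
bool run_safety_cycle(flow_monitor_t *m, bool skip_compute, bool swap_order)
{
    flow_cycle_start(m);
    flow_checkpoint(m, STEP_ACQUIRE);             /* PEi */
    if (swap_order) {
        flow_checkpoint(m, STEP_TRANSFER);        /* fault: output before compute */
        flow_checkpoint(m, STEP_COMPUTE);
    } else {
        if (!skip_compute)
            flow_checkpoint(m, STEP_COMPUTE);     /* PEc (skipped when fault injected) */
        flow_checkpoint(m, STEP_TRANSFER);        /* PEo */
    }
    return flow_cycle_end(m);
}

/* Self-check: one good cycle refreshes the watchdog, two faulty ones do not. */
bool flow_monitor_self_test(void)
{
    flow_monitor_t m = {0, 0, 0};
    bool ok   = run_safety_cycle(&m, false, false);
    bool skip = run_safety_cycle(&m, true,  false);
    bool swap = run_safety_cycle(&m, false, true);
    return ok && !skip && !swap && m.wdt_refreshes == 1 && m.flow_faults == 2;
}

int main(void)
{
    return flow_monitor_self_test() ? 0 : 1;
}
```

Two points a practitioner should keep in mind when mapping this onto a real 1oo1 system: the refresh must be the last action of the cycle and the only place the watchdog is serviced, so that a loop stuck anywhere else cannot keep WDTe alive; and the watchdog itself must be an independent external timer (with its own clock and supply, ideally windowed) rather than an on-chip timer that shares the failure modes of the Device it supervises.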
Figure 3. 1oo1 reference architecture
[Block diagram: within the Compliant item, the processing elements PEi, PEc, PEo and PEd; external to it, Sensors, Actuators, WDTe and VMONe]
UM2305 - Rev 10
page 6/110