Section 1 Safety Operator Warnings
Warnings
2PAA110888-600 - Warnings based on 3BNP004865-600 RevA
13
Operator Interface
If used, the Reset all Forces input shall be connected to an impulse type panel
button.
Software Architecture - Applications
Change of task connection of a SIL3 application shall always be followed by a cold
restart of the controller.
Software Architecture - Combined SIL and non-SIL Classified Applications
For all safety critical Applications, correct SIL shall be selected in Control Builder
M Professional.
Communication Between Applications
All SIL Communication Variables must have an ISP value connected. Keep Current
Value is not allowed.
Data originating from SILxRestricted System Functions/Library types and data
originating from NONSIL marked parameters (see Appendix A, Certified
Libraries), shall not be communicated via IAC CV. If this restriction is violated in a
SIL3 application, it might result in a Safety Shutdown of the related AC 800M HI
controller(s).
SIL IAC between SoftControllers are not affected by the configured ExpectedSIL.
Care should be taken when changing from simulated to nonsimulated safety
controllers.
When establishing a safety critical communication link using IAC, the UniqueID
parameter represents the safety identification of the data and it is the user's
responsibility to ensure that it is unique within the available System networks.
(1)
Note! Remember to change the UniqueIDs if PPA systems are cloned (e.g. in case
of multiple PPA systems on the same network).
For IAC communication between different PPA Systems, the IP addresses must be
explicitly defined.
1.
The Unique ID is created within the safe environment and transferred from the server to the client inside every
data package for safe verification of correct connection