TÜV Certification of ControlLogix for use in SIL 2 Applications
Updated Jan 2005
Copyright 2005 Rockwell Automation, Inc. All rights reserved.

What's New

ControlLogix SIL2 Certification History

October 2002: Initial Product Certifications (Ver 10.27)
- Largest L55-class controller (-L55M16)
- System Components
  - All Chassis varieties
  - Standard and Redundant AC/DC Power Supplies
- Single-ended Analog and Isolated Digital I/O

April 2004: Expanded Product Selections (Ver 11.32)
- Smaller, more economical L55-class controller (-L55M13)
- Newer version ControlNet modules / Data Highway comms with DH/RIO module
- Isolated Analog and High Density DC Digital I/O

January 2005: L55 Redundancy & -L6x Series B (New)
- Redundancy Components are now certified for L55 Controllers
- L55 Controllers now can run on Version 13 firmware for Standard SIL2 Apps
- Faster L6x Series B Controllers certified at Version 13 functionality
- Miscellaneous Other System Components

Newly Certified Product Summary January 05

- Redundancy Components certified for L55 Controllers for Fault Tolerant SIL2 Apps
  - Version 13 Redundancy Firmware Release (Ver 13.53)
  - Provides Higher Controller and Comms Availability (1oo1D)
  - Can be run on either the L55M13 or L55M16
  - 1757-SRM module (Ver 3.37)
  - 1756-ENBT Ethernet Module (Ver 3.4)
  - 1756-CNB/-CNBR ControlNet Module (Ver 5.45)
- L55 Controller can now run Version 13 firmware for Standard SIL2 Apps
  - 1756-L55M13/-L55M16 running V13 firmware (Ver 13.31)
  - Allows current V10/V11 SIL2 implementations to upgrade to new features/functions
- Faster L6x Series B Controllers certified at Version 13 functionality
  - 1756-L61, -L62 and L63 Series B Controllers certified at Ver 13.40
  - Compact Flash functionality NOT supported in the certification
- Miscellaneous Other System Components
  - Sequence of Events Inputs, Synchlink module and Sourcing Analog Input (-IF6CIS)
  - New -Px75 Series B Power Supplies (required when using L6x/B controller in SIL2 apps)

Certified Topologies: Fail Safe

Now, ControlLogix SIL2 systems can be deployed in either the typical Fail-Safe topology, where the safety shutdown function will be initiated on any device failure

High-Availability for Controller and Comms

or, through the use of Redundancy components, in a High-Availability topology that provides 1oo1D Fault Tolerance for Controller and Communication products
- Fault Tolerance provided for modules in the Primary/Secondary chassis

Newly Certified Product List January 05

What's Planned

Upcoming SIL 2 Certification Activities
April 05 Jan 06

- Pursue the certification of Redundancy components (V 13.7x) for L6x Series B Controllers
- Concept Validation: Exploring the use of Specially Designed Wiring Termination Boards to facilitate I/O Fault Tolerance
  - When used with Redundancy, these boards will provide Fault Tolerance (availability) to the entire system
  - For Analog and Digital DC Inputs, and Digital DC Outputs
- Limited Compact Flash utilities for L6x Series B controllers

Items listed below are Planned and not scheduled

SIL 2 Introduction
Background

Product Evolution Leading to ControlLogix

[Timeline figure, 1970s / 1980s / 1990s / 2000s: PMC, 1774 PLC, PLC-2 Family, PLC3, PLC-5 Family, SLC 500 Family, PLC-4, PI Controller, Micrologix, Logix Architecture, Automate/Motion DCS]

- Rockwell Automation/Allen Bradley has been producing programmable control devices since the mid 70s, with over 2.8 million Programmable Controllers shipped since 1978
- A long legacy of providing dependable deterministic control to all manufacturing sectors has allowed products from the Logix Architecture to obtain SIL 2 Certification from TÜV

ControlLogix Receives SIL 2 Certification from TÜV

- TÜV has approved a subset of ControlLogix products for use in up to SIL 2 safety-related applications in which the de-energized state is considered to be the safe state.
- No design modifications were made to these products in order to achieve this certification. Standard off-the-shelf product has been approved
- The certification method used by TÜV evaluated the inherent architectural behavior and functional characteristics of ControlLogix against the criteria outlined in the IEC 61508 "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related System" Standard

[Diagram labels: Off-the-shelf ControlLogix Capabilities; IEC 61508 Standard Criteria]

ControlLogix Architectural Features

Some examples of inherent ControlLogix architectural features that allowed standard, off-the-shelf product to achieve SIL 2 certification:
- Common backplane ASICs used on I/O, Communication and Controller modules
- All devices perform both start-up and run-time diagnostic checks
- Producer-Consumer/CIP protocol on the backplane and over the networks provides robust data validation
- Diagnostic Output modules allow for preemptive interrogation of potentially faulty output points
- Software Configuration of I/O modules allows control of outputs to the point level
- Electronic Keying assures the use of appropriate versions of certified modules

Other Important Factors Contributing to ControlLogix TÜV SIL2 Certification

- ControlLogix products exhibit high MTBF values using actual field data, not computed estimates
- Low Probability of Failure on Demand (PFD) & Probability of Failure per Hour (PFH) calculations.
- Diagnostic Coverage and Safe Failure Fraction (SFF) data have been validated by independent 3rd party
- Rockwell adheres to Design Practices, Methodologies and Procedures that are compliant with criteria outlined in the IEC 61508 Standard

Complete List of Certified Products
As of January 2005

SIL 2 Certified Controllers
Non-Redundant Applications

- -L55 Controllers are now certified at Ver 13 functionality
  - New L55-based applications should always use the latest available firmware
  - Existing L55-based applications using older FW can be upgraded to V13
- New -L61, -L62, and L63 Series B controllers have been added (NOTE: Compact Flash utilities are not yet certified)

Cat# | Description | Series | Rev
1756-L55M13 | L55 Controller w/1.5Mb memory | A | 10.27, 11.30, 13.31
1756-L55M16 | L55 Controller w/7.5Mb memory | A | 10.27, 11.30, 13.31
1756-L61 | L61 Controller w/2Mb memory | B | 13.40
1756-L62 | L62 Controller w/4Mb memory | B | 13.40
1756-L63 | L63 Controller w/8Mb memory | B | 13.40

RED = Certified in January 2005

SIL 2 Certified Controllers/Redundancy Products
Redundant/High-Availability Applications

- -L55 Controllers are now certified at V13 Redundancy functionality
  - Provides High-Availability to Controllers and Comm products in the Primary and Secondary chassis
  - A dedicated Redundancy Bundle has been created on the Firmware Download site
  - See http:/ for details

Cat# | Description | Series | Rev
1756-L55M13 | L55 Controller w/1.5Mb memory | A | 13.53
1756-L55M16 | L55 Controller w/7.5Mb memory | A | 13.53
1756-CNB/-CNBR | ControlNet Communication Modules | D | 5.45
1756-ENBT | Ethernet Communication Module | A | 3.4
1756-SRM | System Redundancy Module | A | 3.37

RED = Certified in January 2005

SIL 2 Certified Communication Modules
As of January 2005

- CNBs and ENBTs are now certified at the latest firmware levels
  - New installations should use the latest available certified firmware
  - Older installations can be upgraded to the latest available certified firmware
- SynchLink module added for SOE applications

Cat# | Description | Series | Rev
1756-CNB/-CNBR | ControlNet Communication Modules | D | 5.27, 5.38, 5.45
1756-DHRIO | DH+/RIO Bridge/Scanner module | C | 5.3
1756-ENBT | Ethernet Communication Module | A | 1.33, 3.4
1756-SYNCH | SynchLink Module | A | 2.18

RED = Certified in January 2005

SIL 2 Certified Digital I/O Modules
As of January 2005

- Sequence of Events Input modules have been added to the certified list

Cat# | Description | Series | Rev
1756-IA16I | 120vac Isolated Input Module | A | 2.2
1756-IA8D | 120vac Diagnostic Input Modules | A | 2.6
1756-IB16D | 24vdc Diagnostic Input Module | A | 2.6
1756-IB16I | 24vdc Isolated Input Module | A | 2.2
1756-IB16ISOE | 24/48vdc Sequence of Events Input Module | A | 1.5
1756-IB32 | DC Input-32pt | B | 3.5
1756-IH16ISOE | 125vdc Sequence of Events Input Module | A | 1.5
1756-OA16I | 120vac Isolated Output Module | A | 2.1
1756-OA8D | 120vac Diagnostic Output Module | A | 2.4
1756-OB16D | 24vdc Diagnostic Output Module | A | 2.3
1756-OB16I | 24vdc Isolated Output Module | A | 2.1
1756-OB32 | DC Output-32pt | A | 2.4
1756-OB8EI | 24vdc Isolated Output Module | A | 2.3
1756-OW16I | N.O. Isolated Relay Output-16Pt | A | 2.1
1756-OX8I | Isolated Relay Output Module | A | 2.1

RED = Certified in January 2005

SIL 2 Certified Analog I/O Modules
As of January 2005

- 1756-IF6CIS Sourcing Analog Input has been added to the certified list
- All Isolated Analog modules are now certified at latest firmware level

Cat# | Description | Series | Rev
1756-IF16 | Single-Ended Analog Input-16pt | A | 1.5
1756-IF6CIS | Isolated Sourcing Analog Input | A | 1.12
1756-IF6I | Isolated Analog Input-6pt | A | 1.9, 1.12
1756-IF8 | Single-Ended Analog Input 8pt | A | 1.5
1756-IR6I | RTD Input 6pt | A | 1.9, 1.12
1756-IT6I | Thermocouple Input 6pt | A | 1.9, 1.12
1756-IT6I2 | Enhanced Thermocouple Input 6pt | A | 1.11, 1.12
1756-OF6CI | Isolated Analog Output-Current-6pt | A | 1.9, 1.12
1756-OF6VI | Isolated Analog Output-Voltage-6pt | A | 1.9, 1.12
1756-OF8 | Analog Output 8pt | A | 1.5

RED = Certified in January 2005

SIL 2 Certified System Components
As of January 2005

- 1756-PC75 and PH75 supplies added to the list of certified products
- Series B versions of the PA75/-PB75 supplies are now certified
- NOTE: Series B supplies must be used with any L6x Series B controller

Cat# | Description | Series
1756-A4, A7, A10, A13 & A17 | ControlLogix Chassis | B
1756-PA75 | 120vac Standard Power Supply | A & B
1756-PA75R | 120vac Redundant Power Supply | A
1756-PB75 | 24vdc Standard Power Supply | A & B
1756-PB75R | 24vdc Redundant Power Supply | A
1756-PC75 | 48vdc Standard Power Supply | B
1756-PH75 | 125vdc Standard Power Supply | B
1756-PSCA | Redundant Power Supply Chassis Adapter | A
1756-PSCA2 | Redundant Power Supply Chassis Adapter | A

RED = Certified in January 2005

ControlLogix/SIL2 Application Requirements

CLX/SIL 2 Application Requirements

- Certification is predicated on following the rules and guidelines for applying ControlLogix in a SIL 2 compliant manner described in the Safety Reference Manual
- E-copies available at the following locations:
  - TUV Site:
  - ROK Certification Site:
- number 1756-RM001D-EN-P

[Image: Safety Reference Manual]

CLX/SIL 2 Application Requirements

Certified ControlLogix System Topologies for SIL 2 Applications
- Traditional Fail-Safe
- High-Availability for Controllers and Comms

General Rules when applying ControlLogix

The user is responsible for following the guidelines in the Safety Reference Manual to ensure proper implementation of a SIL-compliant system*:
- Customers must perform a Risk Assessment and Hazard Analysis to determine the SIL rating of their application
- Customers are responsible for the set-up, SIL rating and validation of any sensors or actuators connected to the ControlLogix system
- A System Proof Test must be performed at an interval appropriate to the user's application:
  - Testing of all fault routines to verify that process parameters are monitored properly and the system reacts properly when a fault condition arises.
  - Testing of digital input or output channels to verify that they are not stuck in the ON or OFF state, along with calibration of analog input and output modules
- Follow the guidelines described in the Safety Reference Manual

(* Refer to ControlLogix Safety Reference Manual (1756-RM001D-EN-P) for complete details)

General Rules when applying ControlLogix

The user is responsible for following the guidelines in the Safety Reference Manual to ensure proper implementation of a SIL-compliant system*:
- Only certified modules of the appropriate Firmware Revision and Series Designation shown in the Safety Reference Manual may be used in the Safety Loop
  - NOTE: a "SIL2 Firmware Bundle" is now available at the Rockwell Firmware Download Site
- Only a single controller can own the I/O involved in the Safety Loop
- Peer to Peer communication is restricted to ControlNet only and should occur only if the controller in the Safety Loop is sharing its data with (not accepting data from) other controllers outside the Loop
- On-line changes permitted to the application program are limited to those which do not affect the Safety Function. These changes must only be performed by authorized, specially trained individuals
- All sensors must be wired to inputs on two separate input modules
- When using standard digital output modules, the output must be wired to a monitoring input point (not required for diagnostic output modules)

(* Refer to ControlLogix Safety Reference Manual (1756-RM001D-EN-P) for complete details)

Input Wiring Example

When using input modules:
- Sensors must be wired to separate input points on two separate modules.
- User program must compare the two input points for agreement before using them in logic solving

Standard Digital Output Wiring Example

When using standard Digital Output Modules, users must:
- wire an output to an actuator and then back to an input to monitor output performance
- examine the Output Data Echo signal in program logic to ensure that the output command was received by the module
- examine the monitoring input point in program logic to ensure that the output point is in its commanded state

Diagnostic Digital Output Wiring Example

When using Diagnostic Digital Output Modules, wiring the output point to a monitoring input is not necessary because this is an on-board function of the module. The user must however:
- examine the Output Data Echo signal in program logic to ensure that the output command was received by the module
- perform periodic Pulse Tests of the outputs along with examining appropriate diagnostic fault bits to ensure the output is following the commanded state
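
The input-agreement rule from the Input Wiring Example and the echo and monitoring-input checks from the Standard Digital Output Wiring Example, modeled in Python as an added example (not Rockwell code and not Logix program logic). The names, the per-scan structure, the latching fault and the MAX_MISMATCH_SCANS tolerance are assumptions, and the sample scans are constructed.

```python
from dataclasses import dataclass

MAX_MISMATCH_SCANS = 2  # assumed tolerance; the page gives no figure


@dataclass
class LoopState:
    """State kept between scans of one safety loop (hypothetical model)."""
    command: bool = False     # output command written on the previous scan
    input_mismatch: int = 0   # consecutive scans the two inputs disagreed
    output_mismatch: int = 0  # consecutive scans echo/monitor disagreed
    faulted: bool = False     # latched; this model has no reset


def scan(state, in_a, in_b, echo, monitor):
    """Run one scan and return the output command to write.

    in_a, in_b: one sensor read through two separate input modules.
    echo: Output Data Echo reported by the output module.
    monitor: input point wired back from the output.
    True is energized; False (de-energized) is the safe state.
    """
    # Inputs must agree before the value is used in logic.
    state.input_mismatch = state.input_mismatch + 1 if in_a != in_b else 0
    # Echo and readback must both match the previous scan's command.
    out_ok = echo == state.command and monitor == state.command
    state.output_mismatch = 0 if out_ok else state.output_mismatch + 1
    if max(state.input_mismatch, state.output_mismatch) > MAX_MISMATCH_SCANS:
        state.faulted = True
    # On disagreement or a latched fault, command the safe state.
    state.command = bool(in_a) and in_a == in_b and not state.faulted
    return state.command


def run(samples):
    """Feed (in_a, in_b, echo, monitor) tuples through scan()."""
    state = LoopState()
    return [scan(state, *s) for s in samples], state.faulted


T, F = True, False
# Constructed scans; echo and monitor lag the command by one scan.
HEALTHY = [(T, T, F, F), (T, T, T, T), (F, F, T, T), (F, F, F, F)]
# Output stuck ON: the monitor input stays high after the command drops.
STUCK_OUTPUT = HEALTHY[:3] + [(F, F, F, T)] * 3
# Input B stuck OFF, then agreeing again after the fault has latched.
INPUT_DISAGREE = [(T, T, F, F), (T, F, T, T), (T, F, F, F), (T, F, F, F), (T, T, F, F)]
```

A single disagreeing scan drops the output for that scan without latching a fault; only a mismatch that outlasts the assumed tolerance latches the loop in the de-energized state.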