Functional Safety Certification
The TM5CSLC100FS and TM5CSLC200FS Safety Logic Controllers are certified
oby TÜV NORD
ofor use in applications up to and including SIL 3 according to IEC 61508 and IEC 62061.
This certification verifies that the Safety Logic Controllers are compliant with the following standards:
oIEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1 to 4, 2010, up to SIL 3
oISO 13849-1: Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design, 2015, up to PL e (Category 4)
oIEC 62061: Safety of machinery - Functional safety of safety-related electrical, electronic, and programmable electronic control systems, 2005 (A1:2013), up to SILcl 3
NOTE: Using Safety Logic Controller equipment is a necessary but insufficient precondition for the certification of a SIL 3 application. A SIL 3 application must also fulfill the requirements of the IEC 61508, IEC 61511, IEC 61131-2, and other application standards.
The Functional Safety parameters according to EN ISO 13849 are as follows:
oPerformance Level for
oSDI (safety-related digital input) to SDO (safety-related digital output): up to PL e
oSAI (safety-related analog input) to SAO (safety-related analog output): up to PL e
oCategory: up to 4
Classification of the Schneider Electric Products
The Safety Logic Controllers are dedicated to perform safety-related functions. The Safety Logic Controller system consist of the controller supporting the Sercos III fieldbus network. The controller then interfaces with the Sercos III Bus Interface, TM5/TM7 Safety-Related I/O modules, and other safety-related devices such as drives and third-party devices. However, it also supports other modules, enabling you to add non-safety-related parts to your SIL 3 project.
Therefore, the Schneider Electric products must be distinguished into:
osafety-related modules and
onon-safety-related modules
In contrast to the safety-related modules, non-safety-related modules are not used to perform safety-related functions. They are certified as non-interfering modules for use with the Safety Logic Controller. A detected error in one of these modules does not interfere with the execution of the safety-related functions.
Safety-Related Products of the Safety Logic Controller System
The Safety Logic Controller system is comprised of the following safety-related products:
|
Type |
Module Reference |
|---|---|
|
Safety Logic Controller, SLC 100 Sercos III, 24 Vdc |
TM5CSLC100FS |
|
Safety Logic Controller, SLC 200 Sercos III, 24 Vdc |
TM5CSLC200FS |
|
Safety-related Module 2DI 24 Vdc Sink |
TM5SDI2DFS |
|
Safety-related Module 4DI 24 Vdc Sink |
TM5SDI4DFS |
|
Safety-related Module 20DI 24 Vdc Sink |
TM5SDI20DFS |
|
Safety-related Module 2DO 24 Vdc, 0.5 A |
TM5SDO2TFS |
|
Safety-related Module 2DO 24 Vdc, 2 A |
TM5SDO2TAFS |
|
Safety-related Module 4DO 24 Vdc, 0.5 A |
TM5SDO4TFS |
|
Safety-related Module 2DO |
TM5SDO2TRFS |
|
Safety-related Module 4DO 24 Vdc, 2 A |
TM5SDO4TAFS |
|
Safety-related Module 6DO 24 Vdc, 0.2 A |
TM5SDO6TBFS |
|
Safety-related Module 2DI (2 test (pulse) outputs), 2DO 24 Vdc, 6 A |
TM5SDM4DTRFS |
|
Safety-related Module 6DI, 2DO 24 Vdc |
TM5SDM8TBFS |
|
Safety-related Module 2x2AI 4-20 mA 24 bits |
TM5SAI4AFS |
|
Safety-related Module 2x2AI Thermocouple J/K/N/S/R/C/T |
TM5STI4ATCFS |
|
Safety-related Counter Module DC1 7 kHz 24 Vdc Sink |
TM5SDC1FS |
|
Safety-related Power Distribution Module PS 1DO 24 Vdc |
TM5SPS10FS |
|
IP67 Block, 8 DI, 24 Vdc |
TM7SDI8DFS |
|
IP67 Block, 8 DI, 4 DO, 2 A |
TM7SDM12DTFS |
|
TM5 Bus Base for safety-related Electronic modules, safety coded, internal I/O supply interconnected |
TM5ACBM3FS |
|
Safety-related Terminal Block, 12-pin, safety coded |
TM5ACTB52FS |
|
Memory Key, 8 MB(1) |
TM5ACSLCM8FS |
|
(1) A memory key is required for operation of the Safety Logic Controller, and is sold separately. For more information concerning the role of the memory key in the Safety Logic Controller system, refer to Safety Logic Controller Memory Key. |
|
Only modules certified as safety-related modules are allowed to perform safety functions. Make certain that neither inputs nor outputs of non-safety-related modules are used for safety-related inputs or outputs.
|
|
|
IMPROPERLY CONFIGURED SAFETY-RELATED SYSTEM |
|
oUse only safety-certified products for use in a safety-related system. oUse only Schneider Electric authorized products in a Safety Logic Controller system. |
|
Failure to follow these instructions will result in death or serious injury. |
NOTE: The Sercos III Bus Interface, required for communication with TM5 Safety-related modules, is considered a non-interfering module and does not contribute nor detract from the safety function of the controller. The safety layer part of the Sercos III communication is managed inside the Safety-related modules and not in the Sercos III Bus Interface.
The following Schneider Electric bus interface is available:
|
Module Type |
Module Reference |
|---|---|
|
Sercos III Bus Interface |
TM5NS31 |
NOTE: The Sercos III Bus Interface, required for communication with the safety-related expansion modules, is considered a non-interfering module and does not contribute nor detract from the safety-related function of the controller. The safety layer part of the Sercos III communication is managed inside the safety-related modules and not in the Sercos III Bus Interface.
For more information on safety-related product architectures, refer to TM5 / TM7 Safety-Related System I/O Architecture.
|
|
|
IMPROPER SAFETY-RELATED SYSTEM |
|
oUse only modules designated as safety-related modules to perform safety-related functions. oMake sure that neither inputs nor outputs of non-safety-related modules are used for safety-related outputs. |
|
Failure to follow these instructions will result in death or serious injury. |
For SIL 3 applications, IEC 61508 defines the following probabilities of failure on demand (PFD) and probabilities of failure per hour (PFH) depending on the mode of operation:
oPFD ≥ 10-4 to < 10-3 for low demand mode of operation
oPFH ≥ 10-8 to < 10-7 for high demand mode of operation
Defined Safe State and Life Span
For more information on the defined safe state of modules in the case of detected errors as well as on the life span, refer to Defined Safe State and Life Span.
