Functional Safety Certification

Introduction

The TM5/TM7 Safety-related I/O modules are certified by TÜV Nord for use in applications up to SIL 3 according to IEC 61508 and IEC 62061.

This certification verifies that the TM5 and TM7 modules are compliant with the following standards:

• IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1 to 4, 2010, up to SIL 3

• ISO 13849-1: Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design, 2015, up to PL e (Category 4)

• IEC 62061: Safety of machinery - Functional safety of safety-related electrical, electronic, and programmable electronic control systems, 2005 (A1:2013), up to SILcl 3

NOTE: Using Safety Logic Controller equipment is a necessary but not sufficient precondition for the certification of a SIL 3 application. A SIL 3 application must also fulfill the requirements of IEC 61508, IEC 61511, IEC 61131-2, and other application standards.

Classification of the Schneider Electric Products

The safety-related modules allow you to perform safety-related functions. However, the system also supports non-safety-related modules, enabling you to add non-safety-related parts to your SIL 3 project.

Therefore, the Schneider Electric products must be distinguished into:

• safety-related modules and

• non-safety-related modules

In contrast to the safety-related modules, non-safety-related modules are not used to perform safety-related functions. They are designated as non-interfering modules for use with the Safety Logic Controller. A detected error in one of these modules does not detract from the execution of the safety-related functions.

Functional Safety Parameters

The Functional Safety parameters according to EN ISO 13849 are as follows:

• Performance Level for

  - SDI (safety-related digital input) to SDO (safety-related digital output): up to PL e

  - SAI (safety-related analog input) to SAO (safety-related analog output): up to PL e

• Category: up to 4.

Available Safety-Related Controller

The following Schneider Electric safety-related controllers are available:

Module Type                                           Module Reference
Safety Logic Controller SLC 100 SERCOS III 20 nodes   TM5CSLC100FS
Safety Logic Controller SLC 200 SERCOS III 100 nodes  TM5CSLC200FS

NOTE: The safety-related modules must be connected by using an additional Sercos III Bus Interface TM5NS31 exclusively to the Safety Logic Controller. Mechanical, hardware, and firmware features are described in the Modicon TM5 Safety Logic Controller SLC100/200 FS Hardware Guide.

Available Bus Interface

The following Schneider Electric bus interface is available:

Module Type                 Module Reference
Sercos III Bus Interface    TM5NS31

NOTE: The Sercos III Bus Interface, required for communication with the Safety Logic Controller, is considered a non-interfering module and neither contributes to nor detracts from the safety-related function of the controller. The safety layer of the Sercos III communication is handled inside the safety-related modules and not in the Sercos III Bus Interface.

DANGER

IMPROPER SAFETY-RELATED SYSTEM

• Use only modules designated as safety-related modules to perform safety-related functions.

• Make sure that neither inputs nor outputs of non-safety-related modules are used for safety-related functions.

Failure to follow these instructions will result in death or serious injury.

Probabilities of Failure

For SIL 3 applications, IEC 61508 defines the following target ranges for the probability of failure on demand (PFD) and the probability of failure per hour (PFH), depending on the mode of operation:

• PFD ≥ 10⁻⁴ to < 10⁻³ for low demand mode of operation

• PFH ≥ 10⁻⁸ to < 10⁻⁷ for high demand mode of operation
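The following Python example is added here to illustrate how these bands are applied; it is not part of the Schneider Electric manual and does not describe any product's actual failure data. It generalizes beyond the SIL 3 row quoted above and encodes the IEC 61508-1 target failure measures for all four SILs, in both low demand (PFD) and high demand (PFH) mode. It also makes two points that the ranges alone do not show: the bands are half-open, so a value exactly on the upper bound (for example PFH = 10⁻⁷) belongs to the next lower SIL, and the measure is assessed for the complete safety function (sensor, logic solver and final element together), which is why a SIL 3 controller alone does not make an application SIL 3. The subsystem PFH values are constructed sample numbers.

```python
"""Classify a safety function's random-hardware-failure measure into a SIL band.

Added example, not taken from the manual. Encodes the IEC 61508-1 target
failure measure tables for SIL 1..4; the manual quotes only the SIL 3 row.
The subsystem PFH values in SAMPLE_LOOP are constructed sample data.
"""
from decimal import Decimal
from typing import Optional

# Low demand mode: average probability of dangerous failure on demand (PFDavg).
# Each band is half-open [lower, upper), e.g. SIL 3: 1e-4 <= PFD < 1e-3.
PFD_BANDS = {
    4: (Decimal("1e-5"), Decimal("1e-4")),
    3: (Decimal("1e-4"), Decimal("1e-3")),
    2: (Decimal("1e-3"), Decimal("1e-2")),
    1: (Decimal("1e-2"), Decimal("1e-1")),
}

# High/continuous demand mode: average frequency of dangerous failure per hour (PFH).
PFH_BANDS = {
    4: (Decimal("1e-9"), Decimal("1e-8")),
    3: (Decimal("1e-8"), Decimal("1e-7")),
    2: (Decimal("1e-7"), Decimal("1e-6")),
    1: (Decimal("1e-6"), Decimal("1e-5")),
}


def sil_for(value, mode: str) -> Optional[int]:
    """Return the SIL whose band contains `value`, or None if no SIL 1..4 band does.

    mode is "low" (PFD) or "high" (PFH). Decimal is used so that values given
    as strings such as "1e-7" are compared exactly against the band limits;
    a value exactly on an upper bound falls into the next lower SIL.
    """
    if mode == "low":
        bands = PFD_BANDS
    elif mode == "high":
        bands = PFH_BANDS
    else:
        raise ValueError("mode must be 'low' or 'high'")
    v = Decimal(str(value))
    for sil, (lower, upper) in bands.items():
        if lower <= v < upper:
            return sil
    return None  # below the SIL 4 band or worse than SIL 1: not classified


def safety_function_pfh(subsystem_pfh) -> Decimal:
    """Sum the PFH contributions of the subsystems forming one safety function.

    IEC 61508 assesses the whole loop (sensor + logic solver + final element),
    so the logic solver's own PFH is only one term of the total.
    """
    return sum((Decimal(str(p)) for p in subsystem_pfh), Decimal(0))


# Constructed sample: a high demand loop with a logic solver in the SIL 4 band
# whose sensor and contactor dominate the total.
SAMPLE_LOOP = {
    "sensor": "3.0e-8",
    "logic_solver": "2.0e-9",
    "contactor": "4.0e-8",
}


def classify_loop(loop=SAMPLE_LOOP):
    """Return (total PFH, achieved SIL) for a high demand safety function."""
    total = safety_function_pfh(loop.values())
    return total, sil_for(total, "high")


if __name__ == "__main__":
    total, sil = classify_loop()
    print(f"loop PFH = {total:.1E} -> SIL {sil}")
    print("logic solver alone:", sil_for(SAMPLE_LOOP["logic_solver"], "high"))
    print("exactly 1e-7 PFH:", sil_for("1e-7", "high"))
```

Running the block shows the sample loop totalling 7.2E-8 per hour, inside the SIL 3 band quoted above, while the logic solver alone sits in the SIL 4 band; feeding in exactly 1e-7 returns SIL 2, because the SIL 3 band excludes its upper bound.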