Specification of Limit Values for Safely Limited Speed (SLS) from a Non-Safety HMI
An HMI allows the operator to enter a new SLS value. The HMI deliberately modifies this value: in addition to the SLS value itself, the modification produces two further values, and all three are transferred to the F-CPU. The two modified copies exist solely to detect data corruption on the non-safety path.
The safety program in the F-CPU reverses the modifications. If both reversed values match the transferred SLS value, data corruption can be ruled out.
If data corruption is detected, this is indicated on the HMI. Only when all three values are identical (correct data transfer) does the HMI display the SLS value to the operator for release, and only then can the operator release the new SLS value.
The released SLS value is then transferred from the controller to the drive via PROFIsafe, the fail-safe PROFINET profile.
The safety concept described here is suitable to achieve SIL 3 according to IEC 62061 or PL e according to ISO 13849-1.
The solution presented here offers the following advantages:
- User-friendly transfer of safety-related configuration data for the drive using a non-safety HMI.
- The safety concept can also be applied to other tasks.
- The F-CPU and the drive with safety functions are certified safety components, i.e., an SLS value in the F-CPU is safely transferred to the drive with safety functions.
- Planning reliability due to TÜV assessment (see “Downloads”).
- Upgrade of the project to TIA Portal V15 and V14 SP1
- Addition of a data buffer to avoid possible data corruption errors
- Revision of the visualization on the basis of the HMI Template Suite 91174767
failsafe, panel, WinCC, Safety Integrated, F-PLC, safety integrity level, performance level