PLCs in industrial automation are categorised into two types: normal and safety. Engineers often assume that a normal PLC performs the same tasks as a safety PLC, so why make the distinction? That assumption is correct to an extent, but not fully. A safety PLC sits above a normal PLC, with additional features that a normal PLC cannot provide. A common term used for safety PLCs is fail-safe, and one automation brand widely known for its safety PLCs is Siemens Automation. In this post, we look at the concept of fail-safe in Siemens PLCs.
What is a Safety PLC?
First of all, let us understand what a safety PLC is. A safety PLC is a special type of automation device that brings the plant to a safe shutdown state in case of a failure. The PLC itself is protected in both hardware and software in such a way that it is difficult to crack or hack. Due to this, engineers get a robust industrial environment. This overcomes one major drawback of a normal PLC, where extra external components are required to shut the system down safely.
They are certified for a given SIL (safety integrity level) of operation and are priced accordingly. These PLCs are tested according to various IEC and ISO industrial standards, which determine their functional safety and industrial safety performance.
Fail-safe SIMATIC controllers

Fail-safe is the general term used by Siemens Automation to identify its safety PLC models. It is denoted by the letter ‘F’. For example, if a normal S7-1200 PLC has the model number 6ES7212-1AD30-0XB0 (CPU 1212C DC/DC/DC), the corresponding safety S7-1200 PLC has the model number 6ES7212-1AF40-0XB0 (CPU 1212FC DC/DC/DC).
The fail-safe SIMATIC range is available for the S7-1200, S7-1500, Simatic Drive Controller, S7-300, S7-400, and ET-200SP. So all the mid- and high-range Siemens PLCs have a safety PLC in their category. They also have corresponding safety IO modules, likewise denoted by the ‘F’ letter. One thing to note is that you can use both standard and safety IO modules with a SIMATIC safety CPU, according to your requirements.
Now, when it comes to programming a Siemens safety PLC, safety blocks, devices, instructions, data types, and tags are identified by the yellow color. This makes safety logic easy to identify. The OBs (organization blocks), DBs (data blocks), FCs (functions), and FBs (function blocks) are identified with the ‘F’ letter. Special safety function libraries are available in the software, like emergency stop, two-hand monitoring, parallel muting, 1oo2 evaluation with discrepancy analysis, feedback monitoring, safety door monitoring, and global acknowledgment of all F-IOs.
F-objects like tags and function blocks cannot be used outside the safety program. This is not specific to Siemens PLCs; it is a universal concept in all safety PLCs. It prevents safety tags from being written or read in other standard blocks, which could cause a malfunction in the system and violate the safety standards the PLC complies with. Fault detection capabilities in a safety SIMATIC PLC are of a high standard that a normal PLC cannot match; we will discuss them later in the post.
Coming to the hardware part, as discussed earlier, the safety PLC provides advanced diagnostics like wire break detection on IOs, chatter detection on IOs, short-circuit tests on IOs, rigorous memory and communication bus testing, program and power failure tests, etc. You have the option to set the monitoring time to a certain limit. You can also configure voting logic for the IOs like 1oo2, 1oo3, 2oo3, etc. (which obviously requires the corresponding field and PLC wiring). This gives a great deal of flexibility in redundancy and reliability.
Also, if a fault occurs and then clears, it will not reset until acknowledged by the user. This prevents unintended automatic operation and ensures that the user has fully verified the fault on their end. The F-program has its own dedicated scan time and watchdog monitoring, which are independent of the standard PLC cycle.
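The 1oo2 evaluation with discrepancy analysis and the acknowledge-before-reset behaviour described above, as an added Python simulation that is not Siemens F-library code; the OneOutOfTwo class, simulate() and the DEMO timeline are assumed names and constructed data:

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class OneOutOfTwo:
    """1oo2 evaluation of two equivalent channels (e.g. both contacts of an E-stop)
    with discrepancy analysis and a fault that latches until acknowledged."""
    discrepancy_time: float          # seconds the channels may differ before a fault
    q: bool = False                  # safety output: True = enable, False = safe state
    discrepancy_fault: bool = False  # latched until a rising edge on ACK clears it
    _diff_since: Optional[float] = None
    _last_ack: bool = False

    def evaluate(self, in1: bool, in2: bool, ack: bool, now: float) -> bool:
        # Discrepancy analysis: the channels may disagree only briefly (contact bounce,
        # different cable runs); longer than that means a contact or wiring fault.
        if in1 != in2:
            if self._diff_since is None:
                self._diff_since = now
            elif now - self._diff_since > self.discrepancy_time:
                self.discrepancy_fault = True
        else:
            self._diff_since = None
        # Acknowledgement: only a rising edge on ACK clears the latched fault, and
        # only once the fault condition itself is gone (the channels agree again).
        ack_rising = ack and not self._last_ack
        self._last_ack = ack
        if self.discrepancy_fault and ack_rising and in1 == in2:
            self.discrepancy_fault = False
        # Enable only when both channels demand it and no fault is latched.
        self.q = in1 and in2 and not self.discrepancy_fault
        return self.q

def simulate(samples, discrepancy_time=0.5):
    """Feed (time, in1, in2, ack) samples through one evaluator; return (Q, fault) per sample."""
    evaluator = OneOutOfTwo(discrepancy_time)
    return [(evaluator.evaluate(i1, i2, ack, t), evaluator.discrepancy_fault)
            for t, i1, i2, ack in samples]

# Constructed timeline: channel 1 opens while channel 2 stays closed (stuck contact or
# cross-wiring), the fault latches, both channels recover, the operator acknowledges.
DEMO = [
    (0.0, True, True, False),   # both closed: enable
    (0.1, False, True, False),  # channels disagree: output drops immediately
    (0.4, False, True, False),  # still within the 0.5 s discrepancy time
    (0.7, False, True, False),  # differing for 0.6 s: discrepancy fault latches
    (0.8, True, True, False),   # channels agree again, but Q stays off
    (0.9, True, True, True),    # rising edge on ACK clears the fault: Q back on
]
```

Running simulate(DEMO) shows the output dropping as soon as the channels disagree, the fault latching after the discrepancy time, and the output only returning once the operator acknowledges.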
If you download or make any online change to a safety block, a digital signature is required. In a normal PLC you can configure credentials for downloading, but even if you don’t change any code, the download is allowed. With a signature, even a slight change requires re-verification with credentials; until then, the code will not be allowed to be downloaded. Every such change is recorded in the PLC memory with a timestamp, version number, and the changes made. Due to this, no one can just randomly make a change to the PLC and have it function accordingly.
Coming to the last part, Siemens’ fail-safe PLCs use the PROFIsafe communication protocol, which is an additional protection layer above PROFINET and PROFIBUS in the OSI model. It provides rugged real-time data exchange, CRC checksum integrity, and timeout monitoring, ensuring that critical data is always protected and transferred safely. It can also detect wire breaks and wrong data.
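A simplified model of the PROFIsafe-style checks named above (a CRC over the data plus a consecutive number, watchdog timeout, and passivation to substitute values until acknowledged), as an added Python example that is not Siemens or PROFIsafe code: the frame layout, zlib.crc32 as the checksum, and the SafetyFrame/SafetyReceiver names are assumptions, not the real PROFIsafe format or polynomial.

```python
import zlib
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple
@dataclass(frozen=True)
class SafetyFrame:
    payload: bytes  # process values, e.g. packed F-DI channel states
    seq: int        # consecutive number, incremented for every telegram
    crc: int        # checksum over payload + seq

def build_frame(payload: bytes, seq: int) -> SafetyFrame:
    # Sender side: one CRC protects both the data and its counter.
    return SafetyFrame(payload, seq, zlib.crc32(payload + seq.to_bytes(2, "big")))

class SafetyReceiver:
    """Receiver side: a frame is used only if CRC, counter and watchdog all check out;
    otherwise the channel is passivated (substitute values, all zeros) until acknowledged."""
    def __init__(self, watchdog_time: float, payload_len: int):
        self.watchdog_time, self.substitute = watchdog_time, bytes(payload_len)
        self.expected_seq = None   # None = resynchronise on the next frame
        self.last_ok = None        # time of the last accepted telegram
        self.fault = None          # None = healthy, else why the channel is passivated

    def receive(self, frame: SafetyFrame, now: float) -> Tuple[bytes, Optional[str]]:
        if self.fault is None:
            if self.last_ok is not None and now - self.last_ok > self.watchdog_time:
                self.fault = "timeout"   # no valid telegram within the watchdog time
            elif zlib.crc32(frame.payload + frame.seq.to_bytes(2, "big")) != frame.crc:
                self.fault = "crc"       # bits corrupted on the wire
            elif self.expected_seq is not None and frame.seq != self.expected_seq:
                self.fault = "sequence"  # repeated, lost or reordered telegram
        if self.fault is not None:
            return self.substitute, self.fault
        self.expected_seq, self.last_ok = (frame.seq + 1) & 0xFFFF, now
        return frame.payload, None

    def acknowledge(self, now: float) -> None:
        # Operator acknowledgement: reintegrate the device and restart the watchdog.
        self.fault, self.expected_seq, self.last_ok = None, None, now

def demo() -> List[Tuple[bytes, Optional[str]]]:
    # Constructed traffic: good, good, replayed, ack, resynchronised, altered, ack, silence.
    rx = SafetyReceiver(watchdog_time=0.2, payload_len=1)
    out = [rx.receive(build_frame(b"\x01", 0), 0.0), rx.receive(build_frame(b"\x01", 1), 0.1)]
    out.append(rx.receive(build_frame(b"\x01", 1), 0.2))   # same counter again: stale data
    rx.acknowledge(0.2)
    out.append(rx.receive(build_frame(b"\x01", 7), 0.3))   # accepted, counter resynchronised
    out.append(rx.receive(replace(build_frame(b"\x01", 8), payload=b"\x00"), 0.4))  # altered data
    rx.acknowledge(0.4)
    out.append(rx.receive(build_frame(b"\x01", 9), 1.0))   # 0.6 s of silence > 0.2 s watchdog
    return out
```

Each detected error (stale counter, altered data, watchdog expiry) yields the substitute value instead of the received payload, and the receiver stays passivated until acknowledge() is called.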
In this way, we have seen the concept of fail-safe in Siemens PLCs.