Simatic Safety Integrated in S7-1200, S7-1500 and ET 200

Captions
[Music] We are going to start with the safety systems session. Here we are just going to scratch the surface, just a really brief overview of Siemens safety systems based on our S7 controllers and configured in TIA Portal. So we will see a few basic concepts and also the options that we have available in our portfolio to address applications where safety is a key requirement. When we talk about safety, the main goals are to protect people and also to protect the installation, the equipment, the machine itself, sometimes even the environment, against any hazard or situation that could be caused by the equipment's failures, or when some particular function of the equipment fails and that might cause an injury or damage to the equipment. So whenever such equipment is designed and you identify such situations, a safety system is required to address those situations. The reasons are that there are laws that make it mandatory for some types of equipment or machines to have safety systems, but sometimes the reason is also economic: if something happens to the operators, to the machine itself or to the installation, there will be penalties, or there is a loss of production, or increased cost in terms of repairs. That's why, when we identify that there is a requirement, we use safety systems: to prevent the injury or, worst case, death of operators or people, or damage or even destruction of a particular equipment or machine, and as a consequence losses in terms of production, non-availability of the equipment and so on. So that's why there is a requirement for safety. There is a set of standards that cover the design and use of safety systems in different areas. There are some general standards that cover safety in different sectors, in discrete automation, process automation and so on, and there are some specific ones that cover specific applications, even to the point that there are also standards that cover how to design and develop safety devices.

So here I just put a list of the ones that you might see here and there whenever you see, for example, the specification of a device that is used in safety systems, could be a controller, could be a sensor, could be an actuator, which has to be certified according to some standards. The standards that I show here are some basic ones that you might see most frequently when dealing with these devices, but there are many more standards used in different areas, for different applications and different types of devices. Just as an aside: if you take one of our controllers, a fail-safe controller, and you check the certificate for functional safety or machine safety, you see that the certificate is issued and the tests are done mostly according to the standards that you see here. That's just a small detail; if you are curious or if you need it, you see in the certificate that these are the standards used to certify or to provide approvals for a particular system or device.

Then, when there is a requirement for a safety system, that need comes based on a particular process. Let's say you are building a particular piece of equipment, a particular machine, where you see that there are some points that could cause some danger to the operator or even to the installation itself. To identify whether you need a safety system applied to that particular piece of equipment, there is a particular procedure based on the available standards. You need to assess all the risks involved in that particular machine: you identify what kind of dangers or hazards there are in the machine, and then you need to evaluate the level of the risks, meaning how frequently the risk is present or what is the severity of the damage it can cause, for example. Based on that assessment, if you find that there are unacceptable levels of risk, then based on some criteria you define what kind of safety system or safety device you need to use. For example, as a simple measure: there is a rotating part that can cause injury to someone operating the machine; a simple measure is to just put a cover on the rotating part, and then you reduce the level of risk to an acceptable level, so your machine can be operated in a safer way. But sometimes, of course, some measures that you apply might reduce the performance of the machine or might make the equipment more difficult to operate, so then you need to find other measures that reduce the risk but at the same time do not reduce the performance or the usability of the equipment. So this is all done in a process where you identify the risks, you design and apply the system to minimize or reduce the risk, and then of course in the end you need to have some proof that those measures are enough to reduce the levels of risk. This is the complete process of evaluating and designing a system that can reduce the risks of accident or injury on the equipment or the machine.

One of the terms that are used is the safety level. In most cases, whenever there is a requirement for safety systems, especially based on electrical and electronic equipment (other devices can also be assessed like that), let's say you have an inquiry asking for a SIL 3 controller or a SIL 2 device. This is one of the ways of evaluating the safety level required for some equipment, and the standard defines how to actually do it. (Please mute your microphones, okay, thanks.) So based on the standard we can define, from the assessment of the risks and the level of the risks, the safety level required to reduce the risks. For example, when you say okay, I need a SIL 3 controller, or a controller that can be used in a SIL 3 application, we get to that information based on some criteria, for example based on the IEC/EN 62061 standard, actually the same criteria that we have in IEC 61508: based on the severity of the damage or injury that can occur from a particular risk, and also based on other criteria such as how frequently that risk is present or how it can occur, or even whether it is avoidable or not based on the current design of the equipment. Based on these criteria we can then come to the information that okay, for this particular application I need a SIL 3 system to handle or reduce the risks, or sometimes, depending on the measures that I take, I can identify that I actually don't need a safety system, so a standard control system can handle the equipment. So based on the standard you can identify by the assessment the safety level, and based on this particular standard it is the SIL level, the safety integrity level: what safety level I need in terms of the equipment to be applied to the machine.

There is also another standard; the IEC standards are the most used, but the ISO standard also provides you a way of assessing or defining the safety level. Here we are talking about the term SIL, so SIL 1 to 3; actually there is a SIL 4, but it does not apply to machine safety, when you go into process safety then there is another level, but it is not applied here. In the ISO standard we have a set of five levels, and they are assessed in a slightly different way, but the results may be similar. Again, when you check our devices, for example a controller or an I/O system, you see that the certificates issued are based on different standards; you see for example that an S7 fail-safe controller is certified for applications up to SIL 3 and performance level e, the highest level based on the ISO 13849 standard. They are certified according to different standards, so whenever the user uses one particular standard or another, they can use the same system as a safety system. In a nutshell, just to provide an idea, we are talking about the highest risk and the highest safety level, SIL 3 or performance level e and so on, just to give an overview of the relation between them. When we talk about the use of different standards, performance level and SIL level, we can relate them: they are different standards but there is some common ground. For example, one of the common grounds between those standards is what we call the probability of dangerous failures, either per hour or on demand, depending on the case. This is another term that you see quite frequently when you design or select a safety system. This is a number or figure provided by the manufacturer of the particular device that gives you an idea of the probability of a dangerous failure over time, normally per hour, and it is also a criterion for you to identify that a particular system conforms to one particular SIL level, SIL 2 or SIL 3, or performance level d or e. Those numbers, based on a particular interval of the PFH, the probability of failure, tell you whether the system can be applied in a SIL 2 or SIL 3 application. That's another criterion that is used, but here it is based on the equipment that you use: first, based on the risks, you define the safety level, and then when you select and design with a particular set of devices you need to check if those devices fit the safety level that was defined. So the PFH is one of the figures used in the calculations to check if that particular configuration fits the requirement of that safety level. Okay, so these are just a few concepts and terms that are common and that you frequently see whenever there is an application for safety systems.

Then going towards the portfolio, the systems that we can offer within our portfolio for safety: in a classic approach, for example, you could have an application where you have a standard control system based on a standard controller, standard I/Os and other devices, and then if you require a safety system, that can be done separately, with a separate, maybe simpler, device, which can be just a safety relay, or a programmable safety relay, or even a separate safety controller. With us you can do it all at once, meaning that you can have a controller that handles the standard and the fail-safe part of the equipment control, and we have sensors and actuators that can also be used in the safety applications. That's what we call Safety Integrated; we have had that concept for a long time now, and currently we have the options based on all the control systems available in TIA Portal, for example S7-1200, S7-1500 and ET 200SP I/O systems, all of them integrated and available within TIA Portal. This is one example for an S7-1500 based application, but if you are talking about maybe smaller systems with fewer requirements, maybe a lower number of safety functions, then you can also use an S7-1200 fail-safe CPU; fail-safe CPUs and I/O modules are also available for the S7-1200. We are talking about safety, so it means that we have the hardware, we have the controllers, we have the I/Os, but at the same time we need the engineering to configure and develop the application, the fail-safe application. In TIA Portal, of course, you are going to need STEP 7 to configure the controller, and on top of that you also need an additional package, Safety, in two sizes: Safety Basic if you are only configuring S7-1200 based applications, or Safety Advanced if you are configuring the large controllers; it includes also the S7-1200, but also the S7-1500 and SP controllers, and if needed even S7-300/400 F controllers can be configured in TIA Portal using Safety Advanced together with STEP 7. Another aside: when I mentioned the certificates of our controllers, actually when you check the certificate for an S7-1200 or S7-1500, you most probably won't be able to find a particular certificate, because the certification is done based on the whole system. The certificate is based not only on the hardware but also on the engineering, the fail-safe instructions available within the engineering. So you will find, for example, a TÜV certificate related to functional safety that includes the whole hardware but also the engineering tools used to configure and program the particular hardware. That's why it is always a combination of the hardware part and the firmware and engineering software, as a complete system, to develop safety-related applications.

Now talking about the controller side, the hardware: basically a safety application has a similar concept to a standard one. You need to read some inputs from the field, have some processing, and have a response accordingly, but because of the requirements of safety systems that is done in different ways. There are additional functionalities available in a safety system that can detect dangerous situations and shut down the system into a safe state, to avoid any kind of damage or any kind of injury to people. That is done, for example, with particular hardware, let's say fail-safe CPUs and fail-safe I/Os. In terms of the sensors and actuators, we can use standard sensors, but they need to be combined in a certain way so that you can reduce the risk of a dangerous failure. For example, if you have only a single input being read from a sensor, if that sensor fails and you don't have a means to detect the failure, that can cause a dangerous state, and that dangerous state can cause damage to the machine or injury to a person. Even on the actuator side it is the same: if you don't have a means to guarantee that the probability of dangerous failure is reduced on the actuator side, that can also cause a dangerous situation. So how can we mitigate this, increase the level of safety, or detect these cases of dangerous situations? For example, the fail-safe inputs have extra diagnostics that can detect that the input itself or the sensor has some issues, if there is a short circuit, or if there are maybe two sensors and you have a discrepancy when they activate, for example. They even have means to detect failures within the hardware itself, to check whether the hardware is consistent and, if something is wrong, stop the system, for example. The same way for the CPU, the same way for the I/Os, and the same for the outputs of the system. In terms of the hardware, these are the biggest differences between a standard system and a fail-safe one: these are the additional measures to be able to detect failures and stop the system in a safe way, to avoid further damage or injury.

Starting with the controller itself: in the beginning, the initial approach for any fail-safe controller was actually done by duplicating the controller and the I/Os, so it was a redundant controller, but the idea here was not to increase the level of availability but to increase the level of reliability. It means that both controllers are running exactly the same program, and then you are processing and comparing: comparing the inputs, comparing the code being run, comparing the outputs; if any discrepancy was detected the system would shut down and stop until that particular issue was fixed. That was the initial generation of safety systems; one example here is based on an S5 with redundant controllers. The next generation, based on S7-300/400 and nowadays S7-1200 and S7-1500, actually uses a single CPU but with different mechanisms to guarantee that if there is any particular discrepancy during the program processing it can be detected and the system will shut down to avoid further problems. That is done by having what is called diversity: the CPU actually runs the program in two different ways, what they call a normal program and a coded program. I am not going into details of how this coding is done, but the program is run in different ways and then compared in the end, and that is also done at different points in time: it runs first the normal program, then after that runs the coded program, and in the end it compares both, and if any difference or discrepancy is detected the system shuts down. A few slides just to give a brief idea: in terms of diversity there is a standard and a coded program, the program is running in different ways, not exactly sure how it is done but it is like that, and at different points in time, and after they run, in the end they compare, and if there is any difference or discrepancy detected in this comparison the system will shut down to avoid further problems. For example, here it shows how it is done: the CPU executes the user program first, then the coded program, and then compares the results, in a sequence. That's one of the reasons that if you compare the specs of a fail-safe CPU to a standard CPU of the same model, you see that in terms of performance they are usually the same except for the amount of memory, the work memory, because of the use of the coded user program; the additional memory is used to run that program. That's why most of the fail-safe versions of the CPUs have a slightly higher memory size; that's the reason you have a bit more memory for those CPUs.

In terms of the portfolio, the whole portfolio of controllers within TIA Portal has standard options and fail-safe options, starting from S7-1200, S7-1500, ET 200 CPUs, and even the software controller has a fail-safe version. In terms of the S7-1200, for smaller applications, less complex or with a lower number of safety functions, we have three CPUs and some fail-safe I/Os. Actually one interesting point here is that the built-in I/Os on the CPU are not fail-safe; they are standard I/Os. The reason behind that is that if we had the fail-safe I/Os directly on the CPU, in terms of development the certification of the device would take much longer, so that's why we decided to keep the built-in I/Os on the CPUs standard and have additional fail-safe modules that can be used in fail-safe applications. So in the case of the S7-1200, some fail-safe digital inputs and outputs are available, and again if there is a need, most probably not because it is a small system, but if required, additional fail-safe I/Os can be added over, for example, PROFINET to a distributed I/O system. Then we get into the advanced controller, the S7-1500: again here the whole portfolio of standard CPUs has a fail-safe version, and that's an improvement compared to the previous generation, the S7-300 for example, where only a few of the CPUs had fail-safe versions. So here, starting with the smaller CPUs up to the biggest one, we have standard and fail-safe CPUs, and as mentioned the software controller also has a fail-safe version. In terms of the distributed controllers based on ET 200 systems, again fail-safe versions of the CPUs are available; the same standard CPUs are also available as fail-safe.

Then I start talking about the I/Os: in the safety system we have the controller, but we need to have means of reading inputs from sensors and also having the outputs for the actuators for the safety application. Starting with the ET 200 systems, with ET 200SP we can use fail-safe I/Os, of course with the fail-safe CPUs, the 1510SP F CPU or 1512SP F CPU, and in terms of I/O systems with ET 200SP the PROFIBUS IM and also the PROFINET IM, the standard and the high feature, all of them support fail-safe I/Os. You see here that of course there are differences between them in other aspects, but even for a simple application, using a standard IM you can use fail-safe I/Os. In terms of I/Os, you have digital inputs and outputs in fail-safe versions; for example, there is an 8-channel fail-safe digital input available for the SP. Here is an example of an emergency stop according to SIL 3 or performance level e, just the wiring: here we are talking about SIL 3, and in terms of the I/O channels it is a 1oo2 (one out of two) evaluation to achieve that particular safety level, meaning that you are using two channels, two physical channels, as one channel within the application, so it is evaluated as a single channel, and with this configuration we are able to achieve the highest safety levels. There are some other simpler configurations, especially if you are going with lower safety levels, SIL 1 or so, where you might not require two channels, so one channel is enough to achieve that particular safety level. One example is an emergency stop; another example is using safety barriers or door sensors, for example, again for applications reaching SIL 3 or performance level e. This is one of the features that you find in terms of safety diagnostics in a fail-safe DI and not in a standard one: for example, chatter monitoring, which can detect if a particular input, whenever it is switched on or off, and especially when switching on, has some pulses until the input gets stable. That can be detected by an F-DI, and then, if required, after detecting a particular hazardous situation it could shut down the system.

In terms of the outputs, there are fail-safe digital outputs of different types, transistor and relay outputs, and even a fail-safe power module that can be used in certain applications to simplify whenever a particular SIL level is required. For example, the F-DQ can be used again up to SIL 3 or PL e; one particular wiring according to the requirements of a SIL 3 application. Here you see that for SIL 3 there is a requirement of two actuators, in this case two common contactors. You can find this information in the manual, but the reason that you need two contactors here, for example in parallel, is to reduce the probability of failure, because the contactors have a particular probability of failure over time, and according to the standards there are some levels accepted that can be used for SIL 1 applications or SIL 3. So here the use of two contactors is actually to reduce this probability of failure to a lower level that is accepted in a SIL 3 application; that's why you see two contactors being used in parallel for this particular safety level. For a lower safety level you might be able to use a normal contactor; of course you need to perform some calculations to see if you can reach that level. Or, if you are not using a standard contactor, if you are using for example a device that is certified or qualified, a particular qualified actuator, then you don't need to perform any calculation to see if that fits your application, because you get the figures in terms of the safety level, or even the probability of failure, directly from the supplier.

Again, there are additional measures to detect dangerous situations: for example, for the F-DQs we have some tests, one of them is the dark test. When the output is switched on, internally the module briefly switches off one line, the positive line, and also briefly switches off the ground or zero volt line. With this test you can detect faults, for example: you are switching on the output, but then when you switch off or disconnect the output you are still getting some value, meaning that maybe there is a short circuit, internal or even external, that is providing 24 volt or zero volt directly to the actuator, to the load. These are additional measures that you find in this F-DQ module that can detect those situations, and as soon as they are detected it will maybe shut down the system completely, or what we call passivate, more or less disable that particular output, until that error or failure is corrected. Other tests are also available: a switch-on test in a situation where the load is off, to check if there is any abnormal situation, and a light test. You see that these are the measures, the additional diagnostic features, that you find in these fail-safe I/Os that help the system detect dangerous situations and take measures to avoid damage or injuries. Other modules are available: F-DQ, there is a relay output module, and also the power module; actually it's an interesting one because you know that the standard ET 200SP does not require power modules, but here the idea is that you can use a fail-safe power module, especially in lower SIL level applications, SIL 1, where you can have a safety shutdown by using normal digital outputs. So actually the F-PM module is the one that is going to handle the shutdown; in this case you can simplify and even reduce the overall cost of the system, because instead of using F-DQs in a SIL 2 application for the safety shutdown, you can use an F-PM and then standard digital outputs for the shutdown. That's one of the main uses of the F-PM, the power module. For the SP we also have fail-safe analog inputs, voltage and current, available; we didn't have that in the past, now we have had it for some time. Then there are other devices, for example motor starters: instead of using a standard contactor you can use an already qualified actuator that can be used in a SIL 3 application as a safety device. And for the S7-1500 I/O modules used on ET 200MP there are some fail-safe modules currently available, F-DI and F-DQ.

So, in a nutshell, how a safety system based on our controllers and I/Os runs: it is running different diagnostics at the same time; if anything is detected, the module, an F-DI or F-DQ, is passivated because of a particular error, and then when that particular error or failure is fixed it can be depassivated again. That way the system has additional measures to detect and handle errors that can lead to dangerous situations. Then just to finalize: there are some tools available, there is a tool to evaluate a particular system and calculate the safety level required for that application, and there are some real examples available for fail-safe applications. So that's all from the safety part.
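The two-channel (1oo2) input evaluation with discrepancy monitoring and passivation that the talk describes, as an added Python illustration; this is not Siemens code and not taken from the presentation, and the class name, the discrepancy time and the sample trace are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TwoChannelInput:
    """1oo2-style evaluation of two physical channels as one safe signal.

    Both channels must agree. While they disagree the substitute (safe) value
    False is returned; if the disagreement outlasts the discrepancy time the
    input is passivated and stays False until it is explicitly reintegrated.
    (Hypothetical model, constructed for illustration.)
    """
    discrepancy_time_ms: int
    passivated: bool = False
    disagree_since_ms: Optional[int] = None  # when the channels first diverged

    def evaluate(self, now_ms: int, ch_a: bool, ch_b: bool) -> bool:
        if self.passivated:
            return False  # passivated: always the safe value
        if ch_a == ch_b:
            self.disagree_since_ms = None  # channels agree, timer cleared
            return ch_a
        # Channels disagree: start the discrepancy timer or check expiry.
        if self.disagree_since_ms is None:
            self.disagree_since_ms = now_ms
        elif now_ms - self.disagree_since_ms >= self.discrepancy_time_ms:
            self.passivated = True  # persistent discrepancy = channel fault
        return False

    def reintegrate(self, ch_a: bool, ch_b: bool) -> bool:
        """Acknowledge a repaired fault; only possible when channels agree."""
        if self.passivated and ch_a == ch_b:
            self.passivated = False
            self.disagree_since_ms = None
            return True
        return False


# Constructed sample trace: (time_ms, channel_a, channel_b). True = contact
# closed (e-stop released). A real press opens both channels a few ms apart;
# a wiring/sensor fault leaves only one channel open.
SAMPLES: List[Tuple[int, bool, bool]] = [
    (0, True, True),     # healthy, e-stop released
    (10, False, True),   # e-stop pressed, channel A opens first
    (20, False, False),  # channel B follows: genuine press, no fault
    (30, True, True),    # e-stop released again
    (40, True, False),   # channel B opens alone: discrepancy starts
    (50, True, False),
    (60, True, False),
    (90, True, False),   # 50 ms elapsed: input is passivated
    (100, True, True),   # channels agree again, but still passivated
]


def run_trace(samples, discrepancy_time_ms: int = 50):
    """Feed samples through the evaluator; return it and (t, value, passivated)."""
    inp = TwoChannelInput(discrepancy_time_ms)
    trace = [(t, inp.evaluate(t, a, b), inp.passivated) for t, a, b in samples]
    return inp, trace


if __name__ == "__main__":
    inp, trace = run_trace(SAMPLES)
    for t, value, passivated in trace:
        print(f"t={t:3d} ms  safe_value={value!s:5}  passivated={passivated}")
    print("reintegrated:", inp.reintegrate(True, True))
```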
Info
Channel: TONY TECH NSK
Views: 535
Keywords: Tony Tech Nsk, siemens s7-1500 safety plc, siemens simatic, siemens plc, simatic safety v15 - getting started, s7-1500 presentation, tia portal s7-1500
Id: FhSJhlQn3Cs
Length: 45min 50sec (2750 seconds)
Published: Tue May 05 2020