Rockwell Automation 1715-OF8I Redundant I/O System User Manual User Manual

Rockwell Automation Publication 1715-UM001C-EN-P - March 2014

221

1715 Redundant I/O System in SIL 2 Safety Applications

Chapter 6

The task period and task watchdog are configured in the Task Properties dialog

box.

Configuring the Output Module Program/Fault Actions

For a SIL 2 safety system, the user is responsible for making sure that the SIL 2

related safety code, including the SIL 2 Add-On Instructions, are being scanned

using a safety task watchdog.

See Using ControLogix in SIL 2 Safety Applications Reference Manual

for safety

watchdog requirements.

Safety Watchdog

Configure the properties of the task used for safety correctly for your application.

• Priority: must be the highest-priority task in the application (lowest

number).

• Watchdog: the value entered for the SIL 2 safety task must be large enough

for all logic in the task to be scanned.

If the task execution time exceeds the watchdog time, a major fault occurs on the

controller. Users must monitor the watchdog and program the system outputs to

transition to the safe state (typically the OFF state) in the event of a major fault

occurring on the controller. For more information on faults see the

Using

ControLogix in SIL 2 Safety Applications Reference Manual

.

IMPORTANT

You must dedicate a specific task for safety-related functions and set that task
to the highest priority (1). SIL 2 safety logic and logic intended for use in non-

SIL 2 functions must be separate.

IMPORTANT

The preferred way to meet this controller requirement in a 1715 SIL 2 system is

to configure both the PROGRAM MODE and FAULT MODE tables for the
1715-OB8DE and 1715-OF8I with safe state values.