F - sil 2 applications checklist, 1715 i/o modules, Sil 2 applications checklist – Rockwell Automation 1715-OF8I Redundant I/O System User Manual User Manual

Rockwell Automation Publication 1715-UM001C-EN-P - March 2014

303

Appendix

F

SIL 2 Applications Checklist

1715 I/O Modules

The following checklist is required for planning, programming and startup of a

SIL 2-certified system that uses 1715 I/O modules. It can be used as a planning

guide as well as during proof testing. If used as a planning guide, the checklist can

be saved as a record of the plan.

Checklist for 1715 I/O Modules

Company:

Site:

Loop

definition:
No.

For SIL 2 Applications

Fulfilled

Comment

Yes

No

1

Are you using the SIL 2-certified 1715 modules only with the corresponding firmware release listed in Revision

Release List (available from the Product Certification link at

http://www.ab.com

) for your safety application?

2

Have all modules been installed in accordance with the instructions in this manual?

3

Has a risk analysis been completed to determine the required SIL for your application?

4

Has fault detection time been specified?

5

Where fault detection time is greater than the controller reaction time limit (CRTL), does the safety-related I/O

configuration provide a fail-safe configuration?

6

Has the safety-related timing for each safety-related function, including CRTL and fault tolerance period been
established?

7

Does the application program shut down the SIL 2 safety functions if a faulty module has not been replaced

within the Mean Time to Restoration (MTTR) assumed for the system in the Probability of Failure on Demand

(PFD) calculations?

8

Has the application program been set up to monitor the discrepancy alarms and alert operators when a

discrepancy alarm occurs?

9

Is the safety accuracy adequate for the application?

10

Have variables been set up to report the safety accuracy value for each channel?

11

Have variables been set up to report safe values when a channel’s safety accuracy value fails because it is

reported to be below the 1% accuracy figure?

12

Has the maximum duration for single channel operation of an I/O module been specified in accordance with the

application requirements?

13

Have you used two 1715-AENTR adapters in SIL 2 simplex and duplex configurations?

14

Have you set the Shutdown mode option for each output channel to OFF?

15

If digital output channels have been set up for Hold Last State, has the impact on the safety functions been

addressed?

16

Have you used the SIL 2 Add-On Instructions in accordance with the information in this manual?

17

Have you performed all appropriate proof tests?