Diagnostics, Trusted – Rockwell Automation T80015 Application Note Trusted SC300E Migration Process User Manual


Trusted™ AN-T80015, Issue 01 Apr 08, Page 10 of 16

2.5. Diagnostics

I/O module and system diagnostics flags are listed in PD 8161 for the SC300E products.

The Trusted™ terminal program may be used to access a command line interface, where
commands are available to extract information on module status and chassis configuration.
Diagnostic data on module health, discrepancies and LFD errors is also available in the
application through the I/O connection boards for each module. In the example system, the
module status word was masked for all fault bits and these were combined into one fault
alarm. Individual fault bits and other data were also delivered to the SOE log.

The different maintenance and diagnostics on a Trusted™ system mean that operators
must use the SOE log and command line diagnostics.

As a minimum for SC300E safety applications, the sample networks listed in the SC300E
Safety Manual must be implemented.

Network 1

MPP out of synchronisation is not applicable

Single slot module offline alarm – 60s alarm after any I/O module is taken offline

Network 2

If the system has any single element safety outputs, or any dual element safety
outputs are configured on a single output module, then the system must be configured
with a time constraint (Mandatory). This time constraint is set in hours; a minimum
2,353 hours for SIL 3, 7,440 hours for SIL 2 or 23,528 hours for SIL 1. The time
constraint timer is reset once the output fault is cleared and remains clear for the
system test time. The system test time is set in the INI file to a default of 5 minutes, i.e.
every 5 minutes the modules are interrogated for the result of their self-tests.

Networks 3 & 4

Individual reporting of system and module fault bits.

Networks 5 & 10

External triplicated watchdog signal. The watchdogs are retriggered once a second.
This is to ensure that the application logic does not hang in a routine.

Networks 6, 7 & 8

Analogue input monitoring for alarm levels and slice faults. Failsafe conditions for the
signals to be defined and alarmed as appropriate.

Networks 9 & 11

It is Mandatory that the diagnostic shutdown occurs if the scan is the first scan (system
incorrectly configured), or the system time constraint is exceeded, or a critical I/O
module is offline for more than the process safety time, or an I/O module is removed
from the chassis without first being taken offline, or an I/O chassis is lost due to power
failure or loss of two MBB modules.

Network 12

Analogue outputs must not be driven below 256 decimal, which will result in the module
losing health. Low and high limits must be set, e.g. 4 mA = 895 and 20 mA = 3455.
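
The Network 2 reset rule, modelled as an added example (Python, not code from the application note or from the SC300E or Trusted toolsets): a fault that clears but returns inside the system test time does not reset the time constraint timer. The class and function names and the sample timestamps are constructed for illustration, and the model assumes the timer starts when the fault is first reported and trips once the elapsed time is strictly greater than the constraint.

```python
"""Model of the Network 2 time constraint timer (illustrative, not controller logic)."""

# Time constraints quoted on the page, in hours, keyed by SIL.
TIME_CONSTRAINT_HOURS = {3: 2353, 2: 7440, 1: 23528}
SYSTEM_TEST_TIME_S = 5 * 60  # INI-file default quoted on the page: 5 minutes


class TimeConstraintTimer:
    """Tracks how long an output fault has been outstanding.

    Assumption (not stated on the page): the timer starts when a fault is
    first reported and is evaluated once per call to update().
    """

    def __init__(self, sil, test_time_s=SYSTEM_TEST_TIME_S):
        self.limit_s = TIME_CONSTRAINT_HOURS[sil] * 3600
        self.test_time_s = test_time_s
        self.started_at = None   # when the outstanding fault was first seen
        self.clear_since = None  # start of the current fault-free period

    def update(self, now_s, fault_present):
        """Feed one sample; return True when the time constraint is exceeded."""
        if fault_present:
            if self.started_at is None:
                self.started_at = now_s
            self.clear_since = None  # a recurrence voids the clear period
        elif self.started_at is not None:
            if self.clear_since is None:
                self.clear_since = now_s
            # Reset only after the fault has stayed clear for a full test time.
            if now_s - self.clear_since >= self.test_time_s:
                self.started_at = None
                self.clear_since = None
        return self.started_at is not None and now_s - self.started_at > self.limit_s


def run(sil, samples):
    """Replay (time_s, fault_present) samples; return time of first trip or None."""
    timer = TimeConstraintTimer(sil)
    for now_s, fault in samples:
        if timer.update(now_s, fault):
            return now_s
    return None
```
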
